Covid test lab leaks details of over a million patients online

News
By published

Unsecured data included names, dates of birth, and passport numbers

Skull and Bones
Image Credit: Pixabay (Image credit: Pixabay)

A leaked Covid-19 testing database which contains the personal details of an estimated 1.3 million people has been discovered online by a top security researcher.

The database, operated by Coronalab.eu which is owned by Microbe & Lab, an ISO-certified lab based in Amsterdam, Netherlands, was found without password protection and the documents within were all marked with the name and logo of the database owner.

Article continues below

Data leakage, identity theft, and potentially much more

Inside the database, the full names, dates of birth and passport numbers of over a million people were discovered. The owner of the database, Microbe & Lab, is an ISO-certified lab based in Amsterdam, Netherlands.

The email addresses, test results, prices and locations of many other tests were also found within QR codes and .csv files. This information would be an absolute goldmine for a malicious actor, who could utilise the data to launch highly sophisticated Covid-19 related phishing attacks, commit fraud, or sell the data on.

Positive test certificate from the CoronaLabs database

A positive test certification from the CoronaLabs database with the patients full name, data of birth, and passport number. (Image credit: Jeremiah Fowler - vpnMentor)

Fowler noted in the research that it is not known who else had access to the data before it was discovered to be vulnerable, or how long it had been open to access, stating that, “only an internal forensic audit would identify if others may have accessed the database or performed any other suspicious activity. It is also unclear if customers, patients, or the authorities have been notified of the data incident.”

Fowler also pointed out that the improper storage of patient data is not only a risk to patient privacy, especially when the data is related to Covid testing but, “could also affect how patients view public healthcare providers and how much they trust them to safeguard their medical data.”

Covid is still relatively fresh in the minds of much of the world and medical researchers are still grappling with the potential long-term conditions such as ‘long Covid’. Fowler points out that the exposure of individual test results could have longer term ramifications due to the obscurity of the long term effects of the virus.

Due to the sensitivity of patient data, the Biden administration is seeking to introduce a new policy stating that medical providers must ensure that they follow the best security practices in order to secure funding.

More from TechRadar Pro

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.