More than 80,000 people reportedly had their COVID-19 test results exposed, alongside their names and addresses, in a huge security breach

Employee Melissa demonstrates how she takes a swab sample for a rapid antigen test on pharmacist Christian Fehske (L) at a Corona test center in a specially created room next to the 'Rathaus' pharmacy in Hagen, western Germany on March 10, 2021, during the ongoing coronavirus (Covid-19) pandemic.
Employee Melissa demonstrates how she takes a swab sample for a rapid antigen test on pharmacist Christian Fehske (L) at a Corona test center in a specially created room next to the 'Rathaus' pharmacy in Hagen, western Germany.
  • COVID-19 test results were left unprotected after a security breach at 100 test centers in Germany and Austria.
  • More than 136,000 tests, names, addresses, and birth dates were accessible via Medicus AI's software.
  • More than 80,000 Germans and Austrians were affected, according to a group of IT experts.
  • See more stories on Insider's business page.

A security breach in Germany and Austria left the results of more than 136,000 COVID-19 tests unprotected, a group of IT experts said Thursday.

The breach of test-centre software left the names, addresses and other personal information of more than 80,000 people unprotected, they said.

The group of experts, called the Zerforschung, and the German publication Chaos Computer Club (CCC) revealed in a report that there was a gap in the software used at more than 100 test centers across the two countries.

This included test sites based in companies, schools, and daycare centers. More than 80,000 people in Germany and Austria were affected, the CCC reported.

Not only were the COVID-19 testresults accessible, but also the name, date of birth, address, citizenship and ID number on the test certificate, the Zerforschung found.

Just because the data was accessible does not mean that it was all accessed.

The IT experts said they discovered the security breach after visiting a Berlin COVID-19 test center run by the Munich-based firm 21Dx, which says it's the biggest operator of coronavirus test and vaccination centers in Germany.

21Dx uses the software SafePlay from Medicus AI, where the security gap originated.

Medicus AI, an Austrian digital health tech company, told the German newspaper Süddeutsche Zeitung that the security breach was caused "by a bug in a software update from mid-February."

Only a "technically very experienced person with the appropriate technical tools" could get access to the information, Medicus AI said. The company didn't deny to the Süddeutsche Zeitung that 136,000 test results were accessible online.

But the CCC said in its report that you only had to create an account for a COVID-19 test to access the personal data stored in PDF documents.

Thanks to a seperate loophole in the software, unauthorized users could also access a employee portal through the account they made for their COVID-19 test, see when a test was carried out at each center, and whether the test was positive or negative, the experts found.

Through the portal, it was easy to access photos of the test results, which featured the names of patients, the CCC said in the report.

Insider contacted Medicus AI for comment, but did not immediately receive a response.

The security breach has been resolved in the past week, the Zerforschung and CCC reported.

Read the original article on Business Insider


from Business Insider https://ift.tt/3bZhb0L

No comments

Powered by Blogger.