1.3 Million Patients' COVID-19 Records Exposed

Cybercriminals could exploit nearly 1.3 million exposed records from a Netherlands-based COVID-19 laboratory, including testing information and patients' passport numbers.

Cybersecurity researcher Jeremiah Fowler discovered and reported to vpnMentor about a non-password-protected database belonging to Coronalab.eu, one of the Netherlands' two largest commercial test providers.

The database contained nearly 1.3 million records that included 118,441 certificates, 506,663 appointments, 660,173 testing samples, and a small number of internal application files.

The exposed COVID test records contained personally identifiable information, such as each patient's name, nationality, passport number, and test results.

Thousands of QR codes and hundreds of .csv files showing appointment details and many patients' email addresses were also exposed.

Cybercriminals could attempt to exploit exposed personal details and emails. For instance, they could launch targeted phishing campaigns using internal information or posing as a laboratory employee.

Criminals could reference test dates and other information that only the patient and the laboratory would know to make it more convincing.

Exposure involving COVID-19 test data combined with personally identifiable information could potentially compromise the personal and medical privacy of the individuals whose records were exposed.

However, it is unknown if anyone else gained access to the exposed COVID-19 test data, Fowler notes.

Exposure to COVID-19 tests may lead to multiple risks in the future because scientists are still learning about the long-term health effects of the virus, and it remains unknown how pandemic-era data could be used years later.

Hypothetically, insurers could raise premium rates if research found that having COVID-19 increases the risk of other diseases in the future.

Protecting your health information

One in four Americans had their health information exposed in 2023, according to an estimate by Cynerio, an IT services company.

Medical records include sensitive information that could be easily monetized, for example, Social Security numbers and health insurance information.

Such data could be used to commit identity theft to obtain loans and credit cards in victims' names, as well as to impersonate patients to obtain expensive medical services or devices.

While organizations normally carry the responsibility of protecting patients' data, there is something every individual can do to make their personal information safer:

  • Change passwords on your accounts after a data breach.
  • Don't use the same password on different sites.
  • Avoid easily guessable passwords, such as your mother's maiden name.
  • Use multi-factor authentication.

Leaked COVID-19 test results and other medical information could be used to commit fraud and, hypothetically, have unpredictable long-term impacts, such as higher insurance costs.


Leave a reply

Your email will not be published. All fields are required.