French ethical hacker exposes Hridayam, says data being leaked

Additional Chief Secretary (Health) Rajeev Sadanandan said the firewall of Hridayam was not foolproof as it does not have any sensitive information.

Published: 04th February 2019 04:01 AM  |   Last Updated: 04th February 2019 04:01 AM   |  A+A-

Medical case details of a patient shared by Elderson to Express in strict confidence that personal details will be blurred before publishing

Express News Service

THIRUVANANTHAPURAM: French security researcher Robert Baptiste aka Elliot Alderson, who famously brought to light the security chinks in Aadhaar system, has ignited a fresh concern about the safety of official websites by unravelling the coding flaws in Hridayam, a web-based solution introduced by the state government for system management of children with congenital heart disease.

“The @Hridayam_kerala initiative is leaking the medical cases of thousands,” tweeted Alderson, who later told Express the “improper authentication in the website” made it susceptible to breach. “The breach was possible due to coding flaw in the website,” he said.He, however, said there was no deliberate plot from the side of those associated with the website to leak the information.“This wasn’t done on purpose. This is a security flaw,” he added.

Additional Chief Secretary (Health) Rajeev Sadanandan said the firewall of Hridayam was not foolproof as it does not have any sensitive information.“The web page was meant for registration of children with congenital heart disease. The website only has their medical details and no sensitive information,” he said. Rajeev, however, thanked the “ethical hacker” for making them realise the vulnerabilities of the website.
The incident, as per Health Department sources, will prompt officers to review the security features of websites such as eHealth that carry sensitive information.

Though the health officers maintained they have got in touch with the ethical hacker soon after the leakage came to public domain, Alderson said no one from the state government has contacted him through direct messages. Express has also received the copies of the sensitive details of the patients and their contact info leaked from the website.

Fault or no fault
The @Hridayam_kerala initiative is leaking the medical cases of thousands

Elliot Alderson
Says there was no deliberate plot from the side of those associated with the website to leak information
Additional Chief Secretary (Health) thanks the Frenchman

Stay up to date on all the latest Kerala news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp