THIRUVANANTHAPURAM: French security researcher Robert Baptiste, aka Elliot Alderson, who famously brought to light the security chinks in the Aadhaar system, has ignited fresh concern about the safety of official websites by exposing coding flaws in Hridayam, a web-based solution introduced by the state government for system management of children with congenital heart disease.
“The @Hridayam_kerala initiative is leaking the medical cases of thousands,” tweeted Alderson, who later told Express the “improper authentication in the website” made it susceptible to breach. “The breach was possible due to coding flaw in the website,” he said. He, however, said there was no deliberate plot from the side of those associated with the website to leak the information. “This wasn’t done on purpose. This is a security flaw,” he added.
Additional Chief Secretary (Health) Rajeev Sadanandan said the firewall of Hridayam was not foolproof as it does not have any sensitive information. “The web page was meant for registration of children with congenital heart disease. The website only has their medical details and no sensitive information,” he said. Rajeev, however, thanked the “ethical hacker” for making them realise the vulnerabilities of the website.
The incident, as per Health Department sources, will prompt officers to review the security features of websites such as eHealth that carry sensitive information.
Though health officers maintained they had got in touch with the ethical hacker soon after the leak became public, Alderson said no one from the state government had contacted him through direct messages. Express has also received copies of the sensitive patient details and contact information leaked from the website.
Fault or no fault
The @Hridayam_kerala initiative is leaking the medical cases of thousands
Says there was no deliberate plot from the side of those associated with the website to leak information
Additional Chief Secretary (Health) thanks the Frenchman