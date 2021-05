The COVID-19 test data collection portal of the Bruhat Bengaluru Mahanagara Palike (BBMP) was shut down on May 26 after a possible data breach, which allows hackers to access the health information of citizens, was flagged by the Free Software Movement of India.

The COVID-19 test data collected for the Public Health Activities, Surveillance, and Tracking (PHAST) portal of BBMP included name, age, gender, patient ID, ICMR test ID, lab name, test result (positive/negative), and the sample collected and received date. The data also included the hospital name if the patient was hospitalized, as well as the status of symptoms.

As per a report by The News Minute, the Free Software Movement of India (FSMI), a coalition of organizations had written to the BBMP Special Commissioner (Health and Information technology) about the data breach stating it would not be difficult for any hacker to gather these details. FSMI works on software freedom, access, and privacy. The data can be accessed with just the help of a phone number it further mentioned in the letter.

BBMP had contracted the job of uploading the data to Xyramsoft. BBMP has shut down the website after the possible data breach threat was detected.

FSMI has demanded action to be taken against the contractor and the PHAST website be shut down till a security audit is conducted.

According to the Information Technology Rules of 2011, health record information is ‘sensitive’ data. The collection, storage, and disclosure of such data must be bound by “Reasonable security practices & Procedures”.

This is not the first time data of COVID-19 patients has been found breached. Last November, a resident raised the alarm after it was found that a Karnataka government website was disclosing details of COVID-19 patients.