Francetest computer flaw leads to leakage of Covid-19 test results
Francetest computer flaw made thousands of Covid-19 test results accessible, which were carried out in pharmacies, and the company requested the assistance of cybersecurity specialists for the same. Francetest specializes in transferring test data from different pharmacies. It stated that with the help of the experts, it aims to conduct security assessment tests on its servers.
Mediapart identified the flaw and stated that the names, surnames, DOB, addresses, telephone numbers, SSNs, email Ids, along with the test results of 700,000 people, were available due to an easily accessible password on the company’s website.
The website lacked some basic protection practices to prohibit access to the site tree. So without any hard work, it enabled the hackers to get access to personal data, which was not meant for them.
Also Read: Data leaks on Thai Vaccine registration site
Upon identification, Francetest has informed the Cnil, French gendarme of personal data, who has launched an investigation in this regard. According to Francetest, there is no evidence of leakage of personal information from patients or pharmacists. They claim that, as of now, the flaw has been identified by one entity, but more analysis is required to determine if there are other people who have viewed or extracted patients’ personal information.
The company also stated that it immediately took the necessary technical measures to rectify the issue, along with other basic security measures that include changing passwords and updating firewalls. For this purpose, the company says that it considers this incident to be technically closed. It added that the investigation on the information of pharmacists and patients impacted by the flaw is underway.
In regard to the issue, the General Directorate of Health (DGS) also emailed the pharmacists sending them a reminder of the software approved and compatible with Si-Dep.