Over 17,000 patients' personal data exposed on national neurology registry website

[zanderthunder]

Wednesday, 23 Oct 2019 | 12:12 PM MYT

 

PETALING JAYA: In yet another data breach, more than 17,000 patients' personal data have been exposed on the government-linked National Neurology Registry (NNeuR) website due to a scripting error, news portal Free Malaysia Today (FMT) reported.

 

The portal reported that the data breach exposed among others NRIC numbers, phone numbers and addresses as the registry's database could be accessed.

 

The report noted that its reporter was led to the tip-off by a source in Canada who had stumbled upon a broken link on the website as he was looking for information on Malaysian neurology patients.

 

"All the data was downloadable and editable," the report said.

 

According to NNeuR, the registry started in December 2008 and is supported by the Health Ministry to gather information about stroke and epilepsy in Malaysia.

 

FMT noted that the registry was developed by Shah Alam-based company Rocket Integration Technology in 2008.

 

The country has been involved in several data breaches this year, among which includes, the massive data leak of personal details of telecommunications service providers' customers, the data leak of almost 20,000 patient radiological records, and the personal data leak of Malindo Air customers.

 

The latest incident happened on Oct 17 when bank account details of fuel subsidy recipients were leaked on the Domestic Trade and Consumer Affairs Ministry's newly-launched Petrol Subsidy Programme microsite.

 

Source: Over 17,000 patients' personal data exposed on national neurology registry website (via The Star Online)

[zanderthunder]

Health Ministry: Patient data on National Neurology Registry at risk of exposure

 

 

Wednesday, 23 Oct 2019 | 8:40 PM MYT
By Angelin Yeoh

 

Private information belonging to over 17,000 patients are at risk of exposure on the National Neurology Registry (NNeuR) website, according to the Health Ministry in its preliminary investigation.

 

The Health Ministry issued the statement after taking note of an earlier report by website Free Malaysia Today about how a scripting error on the NNeuR website may have allowed access to a confidential patient database, which included information such as NRIC, phone numbers and addresses.

 

The Ministry said it is working with National Cyber Security Agency (Nacsa), Malaysia Communications and Multimedia Commission (MCMC) and Cybersecurity Malaysia for further investigation. It added that it is taking the matter seriously and will not compromise on matters related to protecting patients' private information.

 

The NNeuR was created in 2008 with the support of the Health Ministry to gather information about stroke and epilepsy in Malaysia. A check by The Star found that the website contained a lot of outdated general information such as contact numbers that are no longer in service and names of staff members who have retired.

 

This is possibly the second data breach involving the Health Ministry in 2019. In September, Germany-based security firm Greenbone Networks claimed that information on 19,992 radiological reports from Malaysia was freely accessible on computer servers worldwide.

 

In 2017, The Star reported that 81,309 records from the Malaysian Medical Council, Malaysian Medical Association (MMA) and Malaysian Dental Association were also leaked as part of a massive data breach that involved over 46 million mobile number subscribers.

 

Source: Health Ministry: Patient data on National Neurology Registry at risk of exposure (via The Star Online)