Data obtained from the Nigeria HIV/AIDS Indicator and Impact Survey (NAIIS) in 2018 risk being compromised as a cyber security firm, WizCase, releases lists of medical websites across the world whose databases servers are insecure.
The company said this is especially troubling since medical data should be kept private.
“However, we’ve found several leaks that seriously raise questions regarding how our medical data is handled and secured in this technological era.
“Our web security team, led by Avishai Efrat, found nine unsecured medical databases from around the world.
“Some of these databases are from 3rd party companies that provide data management and insight for medical institutions.
“Unfortunately, they might not understand the possible implications of handling sensitive data insecurely online.
“Some of the personal data that we found included: Patients data (Names, Addresses, Social security numbers, Email addresses, Phone number), Company data (Employee information), Research-related information, Medical observations, and Prescriptions e.t.cc,” it stated on its website.
It added: “They were all unsecured and didn’t require a password to be accessed, leaving millions of patients’ data vulnerable.”
It noted that database servers of nine medical companies around the world, including those from Nigeria, Canada, China, Brazil and the United States, risk been compromised. Other countries mentioned are France and Saudi Arabia.
For Nigeria, it said over 80,000 records of people who participated in the Nigeria HIV/AIDS Indicator and Impact Survey (NAIIS) in 2018 are vulnerable and risk being compromised.
According to the firm, the NAIIS assessed the prevalence of key HIV-related health indicators last year.
“The data leak included facility and hospital names; patients’ pregnancy status; laboratory results code and value; patients’ age; HIV validation first test date and time; HIV encounter data; medical observations of anonymous people taking the survey; etc.
“This survey was made of 88,775 randomly-selected households in Nigeria, counting approximately 168,100 participants, ages 15-64 years and children, ages 0-14 years,” it said.
It stated that the unsecured NAIIS database size was one gigabyte.
As a precaution, the firm said: “We have contacted all of the companies, their hosting provider, and in some cases the local authorities but there are still unsecured databases.
“We hope that after publishing this exposé they will have no choice but to secure the database and protect their customers/patients’ privacy.”
