
Redcliffe Labs exposes over 12 million patient records

This exposure included names of patients and doctors, details about whether the testing sample was collected at home or a medical facility, and an extensive array of other health-related information, a cybersecurity researcher said.


A senior cybersecurity researcher reported that Noida-based diagnostics service provider Redcliffe Labs exposed over 12 million patient records due to a misconfigured and non-password-protected database.

“Exposed database comprised medical diagnostic scans, test results, and a wealth of sensitive medical information,” said cybersecurity researcher, Jeremiah Fowler, who first reported this to WebsitePlanet.

The database in question reportedly contained 12,347,297 records, adding up to 7 TB of data. This exposure included names of patients and doctors, details about whether the testing sample was collected at home or a medical facility, and an extensive array of other health-related information.


Fowler noted that while Redcliffe Labs’ official customer base is 2.5 million, the presence of over 6 million PDF documents in a folder marked “test results” suggests the breach could have a wider impact.

Fowler’s investigation further revealed that along with the patient records, development files related to Redcliffe Labs’ popular mobile application were also exposed.

“Such files are crucial as they control an app’s functionality and the data transmitted between the user and the host. In the wrong hands, this information could lead to cyberattacks compromising user data, app functionality, or mobile device security,” Fowler explained.


According to cybersecurity experts, the risks associated with this kind of data exposure are manifold, including medical identity theft, , and misuse of private health information. The sector, known for holding valuable data, remains a prime target for cybercriminals.

In his report, Fowler underscored the importance of cybersecurity in healthcare and recommended steps like data encryption, regular testing of data repositories, and updated security protocols. He also emphasised the need for cybersecurity training for staff and contractors and the establishment of an incident response plan.

This incident coincides with the recent implementation of the Digital Personal Data Protection Act, 2023 (DPDP Act), India’s first comprehensive data protection . This act mandates that companies report data breaches within 72 hours and imposes significant financial penalties for non-compliance.


Fowler clarified that, as of his findings, there is no evidence to suggest that any unauthorised parties have accessed the app or patients’ data. An email sent to the company by TechObserver.in has yet to receive a reply.

Tech Observer Desk
Tech Observer Desk at TechObserver.in is a team of technology reporters led by a senior editor who brings latest updates and developments from the world of technology.