“This is a clear violation of IT Rules (2011) and shows an appalling lack of attention to protecting individuals personal and sensitive data.”This breach comes on the back of several alarms raised by cybersecurity experts that health records of Covid-19 patients, including their plasma details and blood groups are available on the dark web. “Covid-19 reports available in the public domain clearly shows BBMP’s healthcare IT service provider (Xyramsoft) did not give any layer of security to the personal data,” he said. “This calls for a cyber security audit and BBMP should penalise the software provider.”Since Xyram is a health surveillance software, there was no need for them to put the data in the public domain, Kodali said. “People will anyway get their test reports from testing laboratories or hospitals,” he said while also holding the civic body responsible for the breach of privacy.This is not the first time that Bengaluru's civic body has come under fire for data mismanagement. In 2019, in a case of breach of personal data, property tax receipts of 7,700 taxpayers were uploaded online.

Source: Economic Times May 26, 2021 02:36 UTC