French security researcher Robert Baptiste, who goes by the moniker Elliot Alderson and had earlier brought to light the security chinks in the UIDAI system, has ignited fresh concern about the safety of official websites by resolving the coding flaws in Hridyam, a web-based solution introduced by the state government of Kerala for system management of children with congenital heart disease (CHD).
Contact has been established https://t.co/tI0JdYUcuA
— Elliot Alderson (@fs0c131y) February 3, 2019
“The @Hridayam_kerala initiative is leaking the medical cases of thousands,” tweeted Alderson, who later told Express the “improper authentication in the website” made it susceptible to breach. “The breach was possible due to coding flaw in the website,” he said. He, however, said there was no deliberate plot from the side of those associated with the website to leak the information. “This wasn’t done on purpose. This is a security flaw,” he added.
Rajeev Sadanandan, Additional Chief Secretary, Department of Health and Family Welfare, said the firewall of Hridyam was not foolproof as it does not have any sensitive information.
“The web page was meant for registration of children with congenital heart disease. The website only has their medical details and no sensitive information,” he said.
Rajeev, however, thanked the ‘ethical hacker’ for making them realize the weak points of the website. The incident, as per Health Department sources, will prompt officers to review the security features of websites such as eHealth that carry sensitive information.