Security Flaw in Health Startup Exposed User Accounts and Medical Information


LogBox, a South African medical data startup that claims it is an “absolutely secure” way to replace paper forms and documentation in sharing patient data with doctors, has allegedly exposed user accounts and sensitive patient data following a lapse in security, according to a report by TechCrunch.

According to the report, security researcher Anurag Sen found an exposed database belonging to the company. The database contained account access tokens for thousands of LogBox users, which, if used, would grant full access to those users’ accounts and the information in them without needing to enter a password.

Sen reported to LogBox that its database had been exposed, but did not hear back. TechCrunch writes that the database was pulled offline as soon as the publication reached out.

LogBox’s database leak comes just as the country’s new data privacy laws came into effect on 1 July. The measure includes guidelines that apply to LogBox’s business activities and database exposure.


Neal Goldstein, director of LogBox, has so far declined to comment or answer any questions, specifically, writes TechCrunch, whether the company had planned to inform its customers that their data was exposed or whether the company plans to report the incident to regulators, a legal requirement since the POPI Act came into effect in South Africa.

LogBox – a rising star in SA

Founded in 2010, LogBox has been a rising star in South Africa. The company partnered with one of the country’s largest medical diagnostics companies in Lancet Laboratories, which operates in 11 African countries.

South Africa is recognised as one of the continent’s largest tech hubs. Last year the country attracted over $206 million in venture capital.

Edited by Luis Monzon