Cancer patients' sensitive information accessed by "unidentified parties" after being left exposed by screening lab for years


May 09, 2024

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Cancer patients' sensitive information accessed by "unidentified parties" after being left exposed by screening lab for years

A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years - and accessible by unauthorised parties.

California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was "inadvertently" left exposed online to the general public after an employee mistakenly uploaded it.

The leaked data included:

  • names
  • ages
  • medical record and identification numbers
  • medical information such as treatment information and dates
  • test results

Of course, many of the affected individuals are likely to be completely unaware that their data was even being stored by Guardant in the first place. This is because it would have been their physicians and hospitals that sent their samples for testing.

Worryingly, Guardant Health warns that the data was accessible for an extended period of time - from October 5, 2020 to February 29, 2024 - before being noticed by the company.

According to the firm, the file containing the sensitive data was copied by "unidentified third parties" between September 8, 2023 and February 28, 2024 - raising the spectre of fraudsters and online criminals exploiting the information for their own ends.

Guardant Health has not shared details of how many patients have had their privacy put at risk by the data breach.  Furthermore, they have offered no explanation of how the security lapse was not spotted earlier.

Although Guardant says that financial information and Social Security numbers were not included in the exposed data, the potential consequences for affected patients could be severe.

For now, Guardant's advice for patients is disappointingly generic. They suggest that patients monitor statements from medical providers for irregularities.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like