A security lapse in LogBox, a South African medical data startup has resulted in user’s accounts and patient data being exposed.
Although the company has claimed that it provides a secure way for users to share their information with healthcare professionals, security research, Anurag Sen found an exposed database.
LogBox reportedly experienced a security breach exposing user’s private information
According to reports by TechCrunch, Anurag Sen shared that the exposed database contained “account access tokens for thousands of LogBox users, which if used would grant full access to user’s accounts without requiring their password.”
Shortly after an inquiry was made by TechCrunch, “the databased was pulled offline.”
Reports by TechCrunch shares that when enquiring on whether customers would be notified of the security breach or if they would inform the necessary industry regulators, LogBox director, Neal Goldstein, declined to comment.
LogBox was founded in 2010 and functions as an online platform that aids to simplify the healthcare process. The app eliminates the use of paperwork and allowing a direct digital connection between healthcare professionals and potential patients.
Since its inception, it has made strides in the tech health sector in South Africa. In 2019, LogBox partnered with leading pathology laboratories, Lancet Laboratories.
Lancet Laboratories operates in more than 11 African countries, providing LogBox with extended access to more users across the continent. According to an annual investment report by Weetracker, health tech ventures are stepping up to the plate in 2020, with an overall increased investment rate over five months.
A statement on the LogBox website regarding the Personal Information Act which has now come into effect relays that the company strives to ensure users’ data is protected. The new data privacy laws came into effect on 1 July and has been spearheaded by President Cyril Ramaphosa.
“Even before the publication of the Protection of Personal Information Act in 2013, we ruminated long on the secure handling of sensitive data and information. ”
POPI aims to protect personal data from breaches through strict regulations.
Editor’s Note: Ventureburn has reached out to LogBox for comment on this developing story and is awaiting feedback.
Featured image: LogBox Facebook, (Supplied)