According to news reports published today, over 120 million medical images of Indian patients and 1 million medical records were exposed due to a cyber incident. The attackers have made the records freely available online.
The compromised records included patient records, scans and images, with details such as the name of the patient, their date of birth, the national ID, the name of the medical institution, their medical history, physician names and other details that are meant to be classified.
The incident is believed to have occurred due to the compromise of the industry protocol for medical image storage and could have resulted from the compromise of passwords of authorized persons.
Incidents of this sort could be termed privacy infringement, and the hospital could be liable for claims of damages from the affected patients. Had the PDPA (Personal Data Protection Act) been in place (it is expected to be in place shortly), the Data Protection Authority could also have imposed a hefty penalty on the hospital.
For the time being the Breach Candy hospital may escape liability, but just as the “I Love You” virus expedited the passing of the Information Technology Act in 2000, the Breach Candy leak could expedite the passage of the PDPA bill presently in the Parliament.
Also refer: Economic Times article