One in 5 people who took COVID tests get promotional info from labs, hospitals: Study

CHENNAI: A research study has found that one in five people who got tested themselves for COVID are reportedly getting calls from various testing labs urging them to undergo tests if unwell, triggering suspected data leak among the public.

Several consumers have reported that in the last two years, they have been receiving unsolicited messages for getting pathology tests done from labs they used for COVID tests during 2020-22. Some others have reported receiving follow-up messages from the hospital where the COVID vaccine was administered.

The national survey conducted by LocalCircles, a community social media platform received over 18,000 responses from in 301 districts of India. Around 67% of respondents were men, while the remaining were women.

“Even the Union government has introduced the digital health mission in which the data including details such as colour, caste, genetic material, and hereditary diseases are given. These details, even for anything related to COVID, must not be revealed to any third party. Data should be maintained by the government and not a private party,” said Dr GR Ravindranath, secretary, Doctors Association for Social Equality (DASE)

Researchers alleged to have uncovered a massive data leak within a famous private hospital, according to reports. The leak, which could potentially have compromised the personal and medical records of lakhs of patients across the hospital’s network, was notified to the Indian Computer Emergency Response Team (CERT-in) and the National Critical Information Infrastructure Protection Centre (NCIIPC) for further investigation.

In 2023, the CERT-In, the cyber security arm of the Union government, is reported to have informed Indian Council of Medical Research (ICMR) about the data breach leak in which COVID-19 test details, including names, Aadhaar and passport information, phone numbers and addresses of 81.5 crore Indians were advertised on the dark web. In its communication, CERT-In is reported to have furnished ICMR with verification of sample data, which allegedly matches with the actual ICMR data.

The data leak of those who registered on the CoWIN portal for vaccination was first reported in June that a bot on Telegram (messaging app) breached parts of the health ministry’s CoWin app. The Ministry of Health and Family Welfare had ordered a probe by CERT-In, but refuted reports stating, “All such reports are without any basis and mischievous in nature, as the CoWIN portal is completely safe with adequate safeguards for data privacy.”

In June 2023, reports of the data leak had been ‘substantiated’ with details of several prominent citizens being shared on social media platforms like Twitter to prove the reliability of the news published.

According to the recently released Draft Digital Personal Data Protection Rules (DPDP) 2025, even if a customer has shared his or her contact details, the retailer/ diagnostic clinic or any other entity must keep it secure. They cannot use it for making spam calls or sending promotion messages unless explicit permission has been granted.

The study said that out of 9,381 responses, around 18% claimed that they had received promotional communication from places they got tested for COVID between 2021-2023.

A question answered by respondents with private entities for getting a vaccine dose is now being used to sell other health-related products and services to them. Overall, 17% of respondents indicated that they have been receiving promotional info in the last 42 months from labs, diagnostic centres and also hospitals where they got COVID vaccine, and also from third parties.

The survey findings found that data of some citizens have been compromised by hospitals/ labs while compiling patient data during the time of COVID test or administering the vaccine or booster dose. This unethical practice appears to be a clear misuse of information. The government needs to not only protect citizens' data given to its agencies with specific purpose but also ensure that private entities also safeguard the data, the survey responses said.