Millions of COVID-19 test reports were found to be publicly accessible due to flawed online system implementation. The leak has been attributed to the Health and Welfare Department of West Bengal, India. An attacker could retrieve the results of millions of patients by simply enumerating the URLs:https://cpms.wbhealth.gov[.]in:8003/Covid19.aspx?SRFID=1931XXXXXX3. The URL endpoints previously leaking the reports now return a 404 (not found) message.
Source: https://www.bleepingcomputer.com/news/security/over-8-million-covid-19-test-results-leaked-online/