From AIIMS Delhi to ICMR, Data Breaches Haunt Crores of Indians
IANS 13 November 2023
From a massive ransomware attack on the All India Institute of Medical Science (AIIMS) that crippled its centralised records and other hospital services last year to the latest Indian Council of Medical Research (ICMR) data leak that allegedly exposed the personal information of at least 815mn (million) Indians, hackers have always been one step ahead of cybersecurity agencies.
 
After AIIMS-Delhi became the victim of a hacking attack where Chinese involvement was suspected in November last year, another top hospital in the national capital, the Safdarjung Hospital, was also hit by a data breach in December.
 
However, the hacking attack on Safdarjung Hospital was not as severe as the one AIIMS-Delhi faced and the chances of data leak were less as a major part of the Hospital work ran on manual mode.
 
According to Safdarjung Hospital officials, the attack was not of a higher degree, but some sections of the Hospital server were impacted. The Hospital server was down for one day and was later rectified.
 
However, months after the cyber attack at AIIMS-Delhi, the government was yet to come up with a satisfactory answer about what happened to the patient data that was encrypted and may have been exfiltrated by the hackers.
 
Sensitive data of 40mn patients, including political leaders and other VIPs, was potentially compromised in the hacking.
 
As per sources, the AIIMS server was hacked by the Chinese. The government maintained that the services were restored and the patient data has been repopulated into the system, but the most important question is what happened to the compromised data? Did it make its way to the dark web?
 
The attack was analysed by the Indian Computer Emergency Response Team (CERT-In) and was found to have been caused by improper network segmentation.
 
According to Union minister of state for electronics and information technology, Rajeev Chandrasekhar, the attack was carried out by unknown threat actors.
 
"It is time to come up with specific legal provisions to deal with ransomware. In America, they have actually now made it an offence when somebody pays a ransom, because it is said to be aiding the cyber criminal," according to Pavan Duggal, the Founder and Chairman of the International Commission on Cyber Security Law.
 
"Across the world, countries are roughly in a similar kind of position that India is, except that the challenges for India are far too huge. Most of the cyber criminal activities are being targeted on Indians," he added.
 
In the latest ICMR breach that allegedly put the personal data of 815mn Indians on sale on the dark web, the government said there is “evidence of leakage and investigation is going on, but the data was not stolen."
 
Given the grave nature of the incident, the central bureau of investigation (CBI) was likely to probe the matter once ICMR files a complaint.
 
In September, cybersecurity researchers found that the official website of the ministry of AYUSH in Jharkhand had been breached, exposing over 320,000 patient records on the dark web.
 
According to the cybersecurity company CloudSEK, the website's database, amounting to 7.3MB, holds patient records that include PII and medical diagnoses. The compromised data also contains sensitive information about doctors, including their PII, login credentials, usernames, passwords, and phone numbers.
 
The data breach was initiated by a threat actor named 'Tanaka'.
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.
Comments
Agra Man Wins 5-year Battle To Recover Rs440 from Railways
IANS 13 November 2023
A 63-year-old man from Agra fought a battle for more than five years and attended 45 hearings, to get a sum of Rs440 from the Indian Railways.
 
He finally won the battle when the Agra district consumer forum court ruled in...
Liberty Videocon General Insurance Asked To Pay Rs24.18 Lakh Claim for Waterlogged BMW 5
Moneylife Digital Team 10 November 2023
Upholding an order passed by the state commission, the national consumer disputes redressal commission (NCDRC) directed Liberty Videocon General Insurance Co Ltd to pay Rs24.18 lakh, including the insured declared value (IDV) of the...
Fraud Alert: Diwali 'Free' Gift Scams
Yogesh Sapkale, 10 November 2023
The big shopping frenzy and the deals, discounts and offers that are part of all major festivals like Diwali, Dussehra or Christmas are enormous business opportunities for cybercriminals, too. These fraudsters thrive on robbing...
Why Is SBI Deducting Money for PM Jeevan Jyoti Bima without Authorisation or Consent from Customers?
Yogesh Sapkale, 10 November 2023
UPDATED at 10.20am on 16 November 2023 to reveal Rs342 deposited by cash by SBI in Reena's account.
 
State Bank of India (SBI) has unauthorisedly deducted Rs342 from a student account holder, even though its official...
Free Helpline
Legal Credit
Feedback