Patient data from 2007 leaked from Tamil Nadu hospital: Report

After a cyber attack on state-backed hospital, All India Institute of Medical Sciences (Aiims), seemingly bringing a host of digitized operations and services to a halt, a new report by homegrown cyber security firm Cloudsek, published on Friday, claimed that a data set belonging to Sree Saran Medical Centre (SSMC) in Tirupati, Tamil Nadu is presently being sold on the dark web by a ‘threat actor with a high reputation’.

The data set allegedly contains personal health and identifiable information belonging to over 1.5 lakh patients, who have been served by SSMC. However, the data collated is from over 15 years ago — according to Cloudsek, the patient data collected in this database is from between 2007 and 2011.

Data shared with Mint by Cloudsek showed that the leaked information contains personal details such as birth dates, doctor details, residential addresses, and basic vitals of patients — such as height, weight and blood groups. Mint could not independently verify the database.

Until the time of publishing, the firm could not furbish a link to the so-called ‘dark web marketplace’, where the incident was allegedly spotted.

To be sure, the leaked database is not equivalent to the security breach that Aiims faced on November 23. Sandip Panda, chief executive of homegrown cyber security firm Instasafe, told Mint that while general awareness regarding such data leaks and cyber hygiene is good, it is “unlikely that user data sourced from 15 years ago would be worth much significance.”

Leaked personal data of users are regularly sold by threat actors, which in turn are used for various cyber breaches such as identity thefts and spear phishing. However, older and outdated data sets often fetch little value, and also have low confidence regarding their veracity.

Cloudsek alleged that the leaked data set may have been sourced from Chennai-based technology services firm, Three Cube IT Labs. However, the security firm said that it had “low confidence and no direct proof” in this regard.

Mint reached out to SSMC and Three Cube IT Labs for statements on the matter. Neither responded to emailed queries, at the time of publishing.

The database was reportedly hosted for as low as $100 (about ₹8,000), according to Cloudsek.

The report comes at a time when cyber attacks on healthcare infrastructure have been highlighted, as a result of the cyber attack on Aiims on November 23. The attack, which experts have deemed to be a ransomware attack for which undisclosed attackers have reportedly asked for ₹200 crore from the government-backed organization, so far remains under investigation. The operations took a wide volume of Aiims’ digitized operations and systems offline — although both Aiims and the local investigating body, Delhi Police, have so far denied that the attack in question was a ransomware.

On Thursday, cyber security thinktank, CyberPeace Foundation, published a survey that claimed that the domestic healthcare sector has faced over 1.9 million cyber attackers this year itself — until November 28.

Data sourced from cyber security firm IndusFace said that Indian healthcare sector ranks second only to the US in terms of total cyber attacks faced this year. The firm said that Indian healthcare services have faced nearly 2.8 lakh cyber attacks every month this year — a figure that could only grow in the future.