Data of 1.5 lakh patients put up for sale online, Health News, ET HealthWorld


Tamil Nadu: Data of 1.5 lakh patients put up for sale online

Personal details of more than 1.5 lakh patients of a Tirupur hospital have been put up for sale by cyber hackers through Telegram channels and specific cybercrime forums, according to Singapore-based CloudSEK, a contextual AI company that predicts cyber threats.

The details include birth dates, addresses, guardian’s names, and doctor’s details. The samples put out by the hackers belong to a database of Sree Saran Medical Centre from 2007 to 2011, an analysis by CloudSEK revealed. However, the hospital chairman Dr Palanisamy said no medical details of patients were compromised. The hospital has a new service provider and new software for its database.

CloudSEK does not yet have information on whether data from a period after that has been compromised as well, said CloudSEK founder Rahul Sasi.

‘Can term incident a supply chain attack’

On November 22, his company discovered the post made by a cybercriminal with a big reputation in a cybercrime forum “advertising sensitive information of patients allegedly sourced from Chennai-based Three Cube IT Lab India, a provider for application development, business intelligence and consulting services.

The database was advertised for $100 (meaning that multiple copies of the database would be sold), for cybercriminals seeking to be the exclusive owner of the database, the price is raised to $300 and if the owner intends to resell the database, the quoted price is $400.

CloudSEK’s researchers used the names of doctors from the database to identify the hospital. “We can term this incident as a supply chain attack, since the IT vendor of the hospital, in this case, Three Cube IT Lab, was targeted first. Using the access to the vendor’s systems as an initial foothold, the threat actor was able to exfiltrate personally identifiable information (PII) and protected health information (PHI) of their hospital clients,” said CloudSEK threat analyst Noel Varghese. This could have happened if the hackers had access to sensitive information such as system passwords, VPN credentials in the vendor’s systems. These can help them gain access to Three Cube IT Labs’ client infrastructure, he said.

This is the second incident of hacking in the healthcare sector in India in less than a week, but such incidents aren’t rare, said Rahul Sasi. “Indian healthcare has the second largest threat of cyberattack after the US. We have done several studies to show this,” he said.

Dr Palanisamy told TOI that no medical records of patients were stored in the system. “We do not maintain an electronic health record in the hospital,” he said. “Three Cube IT Lab was our service provider for a year. We used their software to build up our database, but we moved over to a new company four years ago. We are doing our best to ensure the safety of our patient records,” Palanisamy said.

Source link

Author: DelhiStyle

Leave a Reply

Your email address will not be published.