New Delhi: Cybersecurity company CloudSEK’s AI digital-risk platform XVigil on Wednesday detected a Russian-origin threat-actor group that claimed to have targeted the Indian health ministry’s health-management information system.
Access to the personnel directory and chief physicians of every Indian hospital is likely to have been jeopardised. This raises the prospect of exfiltration of licence documents and personally identifiable information being sold on cybercrime forums on the dark Web.
The attack was inferred to be the result of India agreeing to the G7 nations’ price caps and sanctions on Russian oil.
Healthcare systems being critical infrastructure, any disruption or interference can have severe consequences. In November, AIIMS faced a cyberattack that paralysed its servers, potentially placing health records and sensitive data of 30 million to 40 million patients at stake.
According to a report by think tank Ponemon Institute, which tracks privacy and information-technology issues, the average cost of a healthcare data breach is estimated to be $7.13 million, greater than the average cost of a breach in other industries.
Furthermore, cyberattacks on healthcare systems can have indirect costs, in the form of cost of healthcare services that become unavailable or delayed as a result of system outages or operational interruptions. These expenses can affect patient treatment and have long-term health and economic impact.
Phoenix, a ‘hacktivist’ group, has previously used social-engineering techniques to trick victims into falling for phishing scams to acquire their passwords and gain access to their bank and payment accounts.
The group is infamous for carrying out DDoS attacks on several nation-states and departments, as well as actively engaging in hardware hacking and reselling the hardware in Kyiv and Kharkiv via a network of controlled outlets.
The group has a history of targeting hospitals in Japan and the United Kingdom, US-based healthcare organisations which serve the US military, and the Spanish foreign ministry, among others.
In Phoenix’s case, the alleged involvement of a foreign state-sponsored hacking group makes the situation more concerning, as it raises questions about international cybersecurity norms and the potential for cyber warfare.
The incident highlights the need for increased vigilance and security measures to protect critical infrastructure and sensitive information from cyber threats. It also underscores the importance of international cooperation to address cyberattacks and ensure global cybersecurity.