Recent cybersecurity breaches in prominent Indian medical institutions have raised concerns about data security and privacy. From AIIMS Delhi facing a ransomware attack impacting patient records to the Indian Council of Medical Research (ICMR) allegedly exposing personal information of millions, these incidents highlight the challenges faced by cybersecurity agencies against sophisticated hackers.
AIIMS Delhi suffered a severe attack last year with suspicions of Chinese involvement. Patient data encryption was accommodated, raising worries about potential data exposure. Similarly, Safdarjung Hospital encountered a milder breach, affecting sections of their server, albeit limited data risk due to manual operations.
The government assurances of data recovery post-attack, uncertainties linger about compromised data fate, especially whether it reached the dark web. The Indian Computer Emergency Response Team (CERT-In) attributed the AIIMS breach to improper network segmentation, while government officials, including Union Minister Rajeev Chandrasekhar, pointed to unknown threat actors behind the attacks.
The need for robust legal measures to tackle cryptoware has been emphasized, similar to the approach adopted in the United States. The founder of the International Commission on CyberSecurity Law, Pavan Duggal, highlighted India’s significant challenges in tackling cyber threats targeting its populace.
The latest breach at ICMR, purportedly exposing personal data of over 81.5 crore Indians on the dark web, prompted ongoing investigations. Plans for a potential Central Bureau of Investigation (CBI) inquiry await ICMR’s formal complaint.
The Ministry of AYUSH in Jharkhand witnessed a breach, compromising over 3.2 lakh patient records. Sensitive patient data, encompassing diagnoses, and confidential doctor credentials and contact information were exposed in the compromised database. Cybersecurity firm CloudSEK linked the breach to a threat actor known as “Tanaka,” highlighting widespread susceptibility within healthcare institutions.
These incidents highlight the pressing need for strengthening cybersecurity measures, rigid legal frameworks against cryptoware, and proactive strategies to safeguard sensitive medical data in India.