After the massive ransomware attack on Delhi AIIMS last year, now the alleged leak of ICMR data poses a threat of personal information of about 81.5 crore Indians being exposed. Continuous breaches in cyber security have increased the concern of crores of Indians.
AIIMS दिल्ली से लेकर ICMR तक डेटा लीक, साइबर सुरक्षा में सेंध से करोड़ों देशवासियों की निजी जानकारी उजागर होने का खतरा
The All India Institute of Medical Sciences (AIIMS), Delhi, was hit by a massive ransomware attack last year, compromising its centralized records and other hospital services. Now the data of Indian Council of Medical Research (ICMR) has reportedly been leaked. Hackers, who exposed personal information of at least 81.5 crore Indians, have always been one step ahead of cyber security agencies.
After AIIMS-Delhi was the victim of a hacking attack in November last year, where Chinese involvement was suspected, another top hospital in the national capital, Safdarjung Hospital, was also hit by a data breach in December. However, the hacking attack on Safdarjung Hospital was not as serious as the one on AIIMS-Delhi, and the possibility of data leakage was less as most of the work of the hospital ran on manual mode.
According to Safdarjung Hospital officials, the attack was not of a high level, but some parts of the hospital’s servers were affected. The hospital server was down for a day, which was later fixed. However, months after the cyber attack on AIIMS-Delhi, the government is yet to provide any satisfactory answer as to what happened to the patient data that was encrypted and may have been stolen by hackers.
Sensitive data of four crore patients, including political leaders and other VIPs, was potentially compromised in the hacking. According to sources, AIIMS server was hacked by the Chinese. The government says that services have been restored and patient data has been re-entered into the system, but the most important question is what happened to the stolen data? Did it reach the dark web?
The attack was analyzed by the Indian Computer Emergency Response Team (CERT-In). Found that this was caused by improper network segmentation. According to Union Minister of State for Electronics and Information Technology Rajeev Chandrashekhar, the attack was carried out by unknown elements.
According to Pawan Duggal, Founder and Chairman of the International Commission on Cyber Security Law, “It is time to come up with specific legal provisions to deal with ransomware. In the US, when someone pays a ransom they have actually made it a crime , because it is said that it is helping cyber criminals.”
“Around the world, the situation of countries is almost similar to that of India, except that the challenges are much bigger for India. Most of the cyber criminal activities are targeting Indians,” he said.
In the latest ICMR breach, which has reportedly exposed personal data of 81.5 crore Indians for sale on the dark web, the government said “there is evidence of leakage and investigation is underway, but data has not been stolen”. Given the serious nature of the incident, the Central Bureau of Investigation (CBI) is likely to investigate the case after ICMR files a complaint.
In September, cyber security researchers found that the official website of the Ministry of AYUSH in Jharkhand had been breached, exposing records of more than 3.2 lakh patients on the dark web. According to cybersecurity company CloudSEEK, the website’s database, which is 7.3 MB, holds patient records that include PII and medical diagnoses.
The compromised data also included sensitive information about doctors, including their PII, login credentials, user names, passwords, and phone numbers. The data breach was initiated by a threat actor named “Tanaka.”
Follow Us on… 
