Records of 3.2 lakh patients exposed in Jharkhand Ayush portal breach: Report
The official website of the Ministry of Ayush in Jharkhand was reportedly breached, exposing over 3.2 lakh patient records on the dark web, a new report said on Monday.
According to the cybersecurity company CloudSEK, the website's database, amounting to 7.3 MB, holds patient records that include personally identifiable information (PII) and medical diagnoses. The data breach was initiated by a threat actor named "Tanaka" and the compromised data also contains sensitive information about doctors, including their PII, login credentials, usernames, passwords, and phone numbers, cybersecurity researchers at the firm said.
The Ayush website is a critical resource providing information about Ayurveda, Yoga, Naturopathy, Unani, Siddha, and Homoeopathy treatments.
"The link between the compromised data and Ayush Jharkhand's website was established by cross-referencing chatbot and blog post data shared by the threat actor with publicly accessible data on the website," the researchers said.
According to the report, the data breach exposed about 500 login credentials (some in cleartext), contact information of 737 individuals who utilized the "Contact Us" form, 472 records containing PII details of doctors, PII data of 91 doctors, along with the information about where they were posted.
Moreover, the researchers said that the data breach poses significant risks, potentially leading to account takeovers due to leaked data, brute force attacks exploiting common or weak passwords, and heightened susceptibility to sophisticated phishing attacks.
Cyber-attacks on government and critical infrastructure are increasing, especially with the growing tech adoption in these facilities. The country is also becoming one of the top targets for cybercriminals looking to steal critical data which they can sell on the Dark Web. Around 12% of all unique user data found in cybercrime marketplaces belonged to Indians, a NordVPN report released in December 2022 revealed. Cybersecurity firm Trend Micro also found in a survey, published in September, that 75% of Indian firms have been hit by ransomware attacks since 2019.
In April, the government-run All India Institute of Medical Sciences (AIIMS) in New Delhi was hit by a ransomware attack that disrupted most of its online services for over two weeks, followed by a cyber-attack at Safdarjung Hospital, another Delhi-based government hospital. In October 2022, Tata Power, one of the biggest power suppliers in the country, which serves 12 million consumers, said that its IT systems were hit by a cyberattack.
India recorded an 18% surge in weekly cyber-attacks between January and March 2023, according to cyber-security firm Check Point. "During the first quarter of 2023, India average weekly attacks rose by 18% in comparison to the corresponding period in 2022, with each organisation facing an average of 2,108 weekly attacks per organisation," the report said.
According to an alert shared by the Home Ministry in April, a cyber-attack group, 'Hacktivist Indonesia', has circulated a list of 12,000 websites which they want to target. The group has previously been linked to cyber-attacks in Sweden, Israel and the US. The list includes thousands of government websites, including Aadhaar, departments of police, space, and Income Tax, and even consulate websites.
To address this critical breach of Ayush in Jharkhand and other similar breaches, cybersecurity experts recommended several mitigation strategies such as the implementation of a robust password policy, activation of multi-factor authentication (MFA) across all logins, prompt patching of vulnerable and exploitable endpoints, prohibition of sharing unencrypted secrets on messaging platforms like Slack or WhatsApp, and others.