In what is possibly the biggest data leak so far, the bigger question to ask is: Could your identity be among the countless stolen? As cybercriminals continue to exploit the vulnerabilities, is your digital life truly safe from the lurking dangers of the dark web?

According to an online news report on News 18, the COVID-19 test information of more than 81.5Cr citizens with the Indian Council of Medical Research (ICMR) is up for sale. A ‘threat actor’ whose handle is on X has advertised the database on the dark web. And it involves the records of 81.5 million Indian citizens. The data contains the Aadhar, passport information, names, addresses, and phone numbers. The ‘threat actor’ claims that the data was sourced from IMCR.

It was the American cyber security and intelligence agency, Resecurity, that noticed the leak through ‘a threat actor’ with the alias ‘pwn0001.’ It posted a thread on Breach Forums on October 9. Giving access to 815 million “Indian Citizen Aadhaar & Passport” records. The threat actor shared spreadsheets containing four large samples of Aadhar data as proof.

It is not the first incident of a data breach happening in India. It has unfortunately become a recurrent trend. The fact that hackers can gain access to your most private and confidential information with a mere click is, undeniably, a cause for deep concern. Before the recent cyberattack on AIIMS, a series of high-profile incidents left countless in shock. Companies such as Zivame, Swachhta platform, RentoMojo, Sun Pharma, BharatPay, and RailYatri have all fallen victim to data breaches, highlighting the growing threats to digital security in the country.

2016 – A major data breach compromised as many as 3.2 million debit cards from major Indian banks. SBI, ICICI, Axis Bank, YES Bank, and HDFC were among the most affected.
2017 – The “WannaCry” ransomware attack affected government institutions and hospitals. It hit around 230,000 computers globally.
2018 – The Aadhaar database, managed by UIDAI, was found to be leaking information of registered Indian citizens.
2019 – The State Bank of India faced a data breach, exposing customer data and financial details.
2020 – Unacademy and Big Basket suffered a data breach, compromising the details of 11 million and 20 million users respectively.
2021 – Dominos India suffered a cyberattack, resulting in the leakage of data from 180 million orders.
2023 – COVID-19 test information of 81.5 crore citizens on sale on the dark web.

Last year, a similar kind of attack was done by hackers on India’s health system when AIIMS’s 5 servers were hacked. Compromising the records of nearly three to four crore patients, including high-profile politicians.

As far as the current data breach is concerned, all the top officials of different agencies and ministries have been roped in. As per the sources, there is an involvement of foreign actors in the leak, making it imperative to conduct a comprehensive investigation by a leading agency. Currently, immediate corrective actions have been taken, and the necessary Standard Operating Procedures (SoP) have been activated to minimize and manage the impact of the data breach.

How To Protect Healthcare System From CyberAttack In India?

Strengthen The Existing Infrastructure

Rather than dismantling the whole infrastructure and putting in new advanced systems. The old systems should be updated with the latest security patches installed. Organisations should ensure that systems have the latest operating systems. They should install potent firewalls to protect the system from hackers, viruses, and data breaches.

Establish A Security Culture

It is vital to establish a security culture in any organisation. It includes educating employees on cybersecurity and teaching them the best procedures and policies to handle all the data securely. Employees should be able to identify suspicious activities and monitor the systems regularly.

Implement Encryption

We all know that the messaging app, Whatsapp has the feature of encryption. Encryption allows messages, videos, photos, and voice notes to be read and seen only by the person you are communicating with and no one else. In the same way, hospitals should rigorously encrypt patient data and other confidential information.

Use Tools And Vendors Data Protection

To protect sensitive data, the hospital administration should use tools and vendors that comply with standards and adherences like ISO 27001, SOC 2, HIPAA, and GDPR. Hackers target these tools and vendors used for billing, monitoring, medical devices and other numerous areas.

Implement Access Controls

To protect sensitive information, the organisation must practise giving access controls. As it leads to keeping the information secure. When the information gets shared with everyone, the chances of it getting hacked increase manifold. Setting up access controls helps protect information such as the hospital financials, details about research work happening in the hospital, and patient’s sensitive information.

With increasing digitisation and people storing all their sensitive data online, hackers can easily steal data. Among the various sectors, the healthcare industry continuously faces cyberattacks. This not only leads to compromise of people’s personal information. But also presents significant operational difficulties for hospitals and healthcare administrations.

Sunny Vaghela

Founder & CEO, TechDefence

This data breach of 81.5 crores Indian citizens’ information, sourced from ICMR, is a grave security lapse. Cybersecurity remains a top priority, and organisations must continually fortify their defenses, conduct security audits, and enhance employee training to protect sensitive data. Collaboration with authorities and experts is crucial to mitigate the risks associated with such breaches.

We should have strong rules and safety measures to keep our data private. If we don’t, it can harm people’s trust and make their information less safe.

The government and experts need to quickly look into this problem. They should find out who’s responsible and make sure our online info is safer. People’s health data must be a top priority, even when it’s hard to keep it safe in today’s digital world.

The repeated cyberattack attempts on ICMR and the massive breach highlight the importance of proactive security measures, employee training, and collaboration with experts and law enforcement to prevent and mitigate such incidents.

Also Read: