Photo : BCCL

Patient knowledge put up on the market consists of particulars like start dates, addresses, guardian’s names, and physician’s particulars and belong to a database of Sree Saran Medical Centre from 2007 to 2011, an evaluation by CloudSEK revealed. Hospital chairman Dr Palanisamy, nevertheless, declare that no medical particulars of sufferers have been compromised. The facility has a brand new service supplier and software program for its database.

“We do not maintain an electronic health record in the hospital. Three Cube IT Lab was our service provider for a year. We used their software to build up our database, but we moved over to a new company four years ago,” Palanisamy stated.

The cyberattack was detected when the corporate on November 22 discovered the publish made by a cybercriminal with an enormous status in a cybercrime discussion board “advertising sensitive information of patients allegedly sourced from Chennai-based Three Cube IT Lab India”. The private knowledge was marketed for $100 (which means that a number of copies of the database can be bought), for cybercriminals in search of to be the unique proprietor of the database, the worth is raised to $300 and if the proprietor intends to resell the database, the worth is $400, in response to a ToI report.

To establish the power affected by the hacking, CloudSEK’s researchers used the names of medical doctors from the database. “We can term this incident as a supply chain attack, since the IT vendor of the hospital, in this case, Three Cube IT Lab, was targeted first. Using the access to the vendor’s systems as an initial foothold, the threat actor was able to exfiltrate personally identifiable information (PII) and protected health information (PHI) of their hospital clients,” stated CloudSEK risk analyst Noel Varghese.

This may have occurred if the hackers had entry to delicate info corresponding to system passwords, VPN credentials within the vendor’s methods. These will help them acquire entry to Three Cube IT Labs’ consumer infrastructure, he added.

CloudSEK founder Sasi, whereas acknowledged this because the second incident of hacking within the healthcare sector in India in lower than every week, he identified that such incidents aren’t uncommon. “Indian healthcare has the second largest threat of cyberattack after the US. We have done several studies to show this,” he stated.

Indian healthcare sector suffers 1.9 million cyberattacks in 2022

Meanwhile, the nation’s healthcare business confronted 1.9 million cyberattacks this yr until November 28, as per knowledge printed by cybersecurity assume tank CyberPeace Foundation and Autobot Infosec Private Ltd. The assaults got here from a complete of 41,181 distinctive IP addresses, which have been traced again to Vietnam, Pakistan, and China.