Cyber threat analysis company CloudSEK on Monday reported that personally identifiable information (PII) and medical diagnoses of over 320,000 patients and sensitive data about doctors on the Ministry of Ayush website for Jharkhand were found to be leaked on the dark web.

The breach was initiated by a threat actor who goes by the name "Tanaka," and the compromised data included sensitive information about doctors, including their PII, login credentials, usernames, passwords, and phone numbers. Information about 500 login credentials – some in cleartext (data in unencrypted form) – was exposed to the dark web.

The website for Jharkhand is designed and developed by Bitsphere Infosystem Pvt Ltd, an IT services firm based in Ranchi. The threat actor shared a post titled "bitsphere.in" on an English-speaking hacking forum, CloudSEK said in a report.

Email queries sent to officials of the Ayush Ministry, the office of the director at Ayush Jharkhand, and Bitsphere Infosystem remained unanswered at the time of going to press.

The website of the Ministry of Ayush for Jharkhand was developed as a critical resource providing information about Ayurveda, Yoga, Naturopathy, Unani, Siddha, and Homoeopathy treatments. It connects patients to doctors working in these medical disciplines and is also used for education and research in these fields.

Though the database is just around 7.3 megabytes (MB) in size, it contains more than 320,000 patient records with their PII and medical diagnoses. It also contained the contact information of 737 people who used the "contact us" form on the website, as well as 472 records containing doctors' PII. The database also holds the PII of 91 doctors along with information about where they are posted.

The link between the compromised data and Ayush Jharkhand's website was established by cross-referencing a chatbot and blog post data shared by the threat actor with publicly accessible data on the website. CloudSEK's contextual artificial intelligence (AI) digital risk platform XVigil was used to identify the source of the leaked data.

"CloudSEK researchers found a deeply concerning data breach that has far-reaching implications for patient and doctor confidentiality. The breach raises serious concerns about the digital security of healthcare data," the company said.

CloudSEK in its report also warned that the leaked data could enable account takeovers. Commonly used or weak passwords could be recovered through brute force attacks, and the leaked personal details would equip malicious actors with what they need to launch convincing, targeted phishing attacks. Brute force refers to attacks that use trial and error to guess login credentials or encryption keys.
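The two weaknesses the report highlights, credentials stored in cleartext and passwords weak enough to be brute-forced, are both addressed on the storage side. The following Python is an added illustration, not code from CloudSEK, Bitsphere Infosystem or the Ayush Jharkhand site: it stores passwords with a salted, memory-hard scrypt hash from the standard library, rejects short or commonly used passwords at enrolment, and audits a credential table for entries that are still cleartext. The denylist and the sample rows are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed denylist for illustration only; a real deployment checks
# candidates against a large list of passwords seen in public breaches.
COMMON_PASSWORDS = {"password", "123456", "admin", "welcome", "qwerty", "letmein"}

# scrypt cost parameters: n=2**14, r=8 uses about 16 MB per hash, which makes
# offline guessing far slower than a plain SHA-256 or a cleartext store.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
MIN_LENGTH = 12


def is_weak_password(password: str) -> bool:
    """True when the password is too short or on the common-password denylist."""
    return len(password) < MIN_LENGTH or password.lower() in COMMON_PASSWORDS


def hash_password(password: str) -> str:
    """Return a self-describing record: scrypt$n$r$p$salt_hex$digest_hex."""
    if is_weak_password(password):
        raise ValueError("password is too short or too common")
    salt = os.urandom(16)  # per-user random salt defeats precomputed tables
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P
    )
    return "$".join(
        ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P), salt.hex(), digest.hex()]
    )


def is_hashed_record(stored: str) -> bool:
    """True if the stored value parses as one of our scrypt records."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False
    try:
        int(parts[1]), int(parts[2]), int(parts[3])
        bytes.fromhex(parts[4]), bytes.fromhex(parts[5])
    except ValueError:
        return False
    return True


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    if not is_hashed_record(stored):
        return False
    _, n, r, p, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(
        password.encode("utf-8"),
        salt=bytes.fromhex(salt_hex),
        n=int(n), r=int(r), p=int(p),
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def audit_credential_store(rows):
    """Return usernames whose stored credential is not a scrypt record,
    i.e. entries that would be usable as-is if the table leaked."""
    return [user for user, stored in rows if not is_hashed_record(stored)]


# Constructed sample credential table: two migrated rows and one legacy
# cleartext row of the kind the report says was exposed.
SAMPLE_ROWS = [
    ("dr_example_a", hash_password("correct-horse-battery-staple")),
    ("dr_example_b", hash_password("yoga-unani-siddha-2023!")),
    ("legacy_user", "Welcome123"),
]

if __name__ == "__main__":
    print("cleartext entries:", audit_credential_store(SAMPLE_ROWS))
```

Auditing the table with `audit_credential_store` gives a quick measure of exposure after an incident like this one: every username it returns had a directly usable password in the dump, while the hashed rows still cost an attacker a full scrypt computation per guess.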

Breaches of healthcare databases may have severe implications, as they include sensitive data such as reproductive, sexual, and mental health information. The new report comes months after a Telegram bot was allegedly found leaking personal data collected by the government's CoWin portal. Last year, servers of the All India Institute of Medical Sciences (AIIMS) in New Delhi were infiltrated in a cyberattack, paralysing its operations.