Hackers sold the personal information of 1.5 lakh patients at Tamil Nadu's Sree Saran Medical Center on well-known cybercrime forums.
Chennai: Hackers sold the personal information of 1.5 lakh patients at Tamil Nadu’s Sree Saran Medical Center on well-known cybercrime forums and a Telegram channel where databases were for sale. The data breach was discovered by CloudSEK, a firm that predicts cyber threats.
Patient information from 2007 to 2011 is included in the sensitive material, which, according to CloudSEK, was obtained via a hacked third-party vendor named Three Cube IT Lab. But according to CloudSEK, there is no evidence that Three Cube is acting as a software supplier for Sree Saran Medical Center.
The hackers provided a sample as evidence so that prospective buyers could verify the accuracy of the data. Names of patients, date of birth, addresses, guardians’ names, and medical information are all part of the disclosed data.
The healthcare company whose data was included in the sample was located by CloudSEK’s researchers using the names of the doctors in the database. They were able to identify that the doctors are employed by Tamil Nadu’s Sree Saran Medical Center.
The data breach has now been reported to all stakeholders involved by CloudSEK. Threat analyst Noel Varghese of CloudSEK stated, “Since the hospital’s IT vendor, in this case Three Cube IT Lab, was first attacked, we may classify this incident as a supply chain attack.”
A day after a cyberattack on the All India Institute of Medical Sciences (AIIMS) in Delhi compromised the personal information of millions of patients, it was discovered that patient data was being sold.
Price of Patients’ Data
The online hackers had advertised that they would get the patients’ data for USD 100, which means that multiple copies of the database would be sold. The prices go higher if anyone want more information.