Medical Data Breach: Ayush Jharkhand Hacked
The threat actor known as Tanaka recently has been observed sharing a post titled “bitsphere.in” on an English-speaking hacking forum, shedding light on a significant data leak.
According to a new blog post by CloudSEK, the impacted entity is the official state website for the Ministry of Ayush in Jharkhand, India, which provides vital information about Ayurveda, Yoga and Naturopathy, Unani, Siddha and Homoeopathy medications.
The leaked database, totaling 7.3 MB in size, reportedly contains over 320,000 patient records, including personally identifiable information (PII) and medical diagnoses. The breach also exposed login information, usernames, passwords and phone numbers of doctors associated with the website.
Upon investigation, it became evident that the compromised data originated from the servers of ayush.jharkhand.gov.in, which were developed by bitsphere.in.
In their technical article, CloudSEK explained this attribution was established by cross-referencing chatbot and blog post data shared by the threat actor with publicly available information on the website.
CloudSEK wrote: “[The] chatbot on the Ayush jharkhand’s website reverts the same data as mentioned in the ‘chatbot_ayush_reply’ table in the leaked database.”
The firm added that the potential impact of this breach is substantial, as the leaked data could be exploited for account takeovers, brute force attacks and sophisticated phishing campaigns.
Read more on phishing: Social Media Phishing – The 2023 Cybersecurity Threat
To mitigate these risks, it is imperative for potentially affected individuals to implement robust security measures, including a strong password policy, multi-factor authentication (MFA), endpoint patching and secure handling of secrets.
Furthermore, organizations are advised not to store unencrypted secrets in public repositories and refrain from sharing sensitive information unencrypted on messaging platforms. Continuous monitoring for unusual account activities and regular scans for exposed credentials are crucial steps in maintaining data security.