Leaked covid test data largest breach in India’s history
The Indian Council of Medical Research (ICMR) has been breached, with sensitive details of 81 million people up for sale on the dark web.
One of the most concerning aspects of this breach – thought to have been one of the biggest in the country’s history – is that its source has not yet been identified.
The ICMR is thought to have sustained repeated cyber-attacks since February this year, with over 6,000 attempted breaches recorded last year.
According to reports, a suspected hacker, with a handle on X, has advertised the database in the breached forum involving sensitive information including Aadhaar (a citizen’s unique identity number) and passport details along with names, phone numbers and addresses.
The hacker claimed the data — extracted from the Covid-19 test details of citizens — was sourced from ICMR.
Given the grave nature of the incident, India’s crime agency, the Central Bureau of Investigation (CBI) is likely to probe the matter once ICMR files a complaint.
Commenting on the news is Erfan Shadabi, cybersecurity expert at comforte AG, said:
“First and foremost, it’s crucial to acknowledge that the information pertaining to an individual’s health is highly sensitive and personal.”
Shadabi added that when individuals share this data with healthcare organisations, they do so with the understanding that it will be handled with “care and confidentiality”.
“The breach of such data not only undermines this trust but also exposes individuals to potential identity theft, fraud, and other malicious activities.
“Healthcare organisations must do everything in their power to safeguard patient data, and one of the most effective approaches is to implement data-centric security measures.”
According to Shadabi, data-centric security focuses on securing the data itself rather than solely relying on perimeter defences. This approach includes encryption, tokenization, access controls, data masking, and monitoring, all of which he claims contributes to a multi-layered defence against data breaches.,
This week we reported how some businesses were investing in ethical hackers to mitigate attacks. Around 70% of organisations were able to avoid significant cyber incidents in 2023 using this approach.
To read more stories on cyber security click here
Subscribe to our Editor's weekly newsletter