Hackers attack Indian healthcare website, steal 68 lakh records


New Delhi, Aug 22 (IANS): In a startling revelation, US-based cyber security firm FireEye said on Thursday that hackers broke into a leading India-based healthcare website, stealing 68 lakh records containing patient and doctor information.

Without naming the website, FireEye said cyber criminals -- mostly China-based -- are directly selling data stolen from healthcare organisations and web portals globally, including in India, in underground markets.

"In February, a bad actor that goes by the name 'fallensky519' stole 6,800,000 records associated with an India-based healthcare website that contains patient information and personally identifiable information (PII), doctor information and PII and credentials," FireEye said in its report shared with IANS.

Between October 1, 2018 and March 31, 2019, FireEye Threat Intelligence observed multiple healthcare-associated databases for sale on underground forums, many for under $2,000.

FireEye said it continues to witness a concerted focus on acquiring healthcare research by multiple Chinese advanced persistent threat (APT) groups.

"In particular, it is likely that an area of unique interest is cancer-related research, reflective of China's growing concern over increasing cancer and mortality rates, and the accompanying national health care costs," the cyber security agency noted.

Open source reports indicate that cancer mortality rates have increased dramatically in recent decades, making cancer China's leading cause of death.

"As the People's Republic of China (PRC) continues to pursue universal healthcare by 2020, controlling costs and domestic industry will surely affect the PRC's strategy to maintain political stability," said the FireEye report.

Another probable motivation for APT activity is financial: the PRC has one of the world's fastest growing pharmaceutical markets, creating lucrative opportunities for domestic firms, especially those that provide oncology treatments or services.

"Targeting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors," the report claimed.

In early April this year, suspected Chinese cyber espionage actors targeted a US-based health center - with a strong focus on cancer research - with "EVILNUGGET" malware.

APT22 - a Chinese group that has focused on biomedical, pharmaceutical, and healthcare organizations in the past, and continues to be active - also targeted this same organization in prior years.

In the same month, several researchers at the MD Anderson Cancer Research were dismissed following concerns over theft of medical research on behalf of the Chinese government.

One theme FireEye has observed among Chinese cyber espionage actors targeting the healthcare sector is the theft of large sets of personally identifiable information (PII) and Protected Health Information (PHI).

Beyond Chinese-nexus groups, FireEye Intelligence has observed a wide variety of other cyber espionage and nation state actors involved in targeting the healthcare sector, including Russia-nexus APT28.

"The valuable research being conducted within some of these institutions continues to be an attractive target for nation-states seeking to leapfrog their domestic industries," the report emphasised.

"As biomedical devices increase in usage, the potential for them to become an attractive target for disruptive or destructive cyber attacks - especially by actors willing to assume greater risk - may present a more contested attack surface than today," said the report.

  


  • SmR, Karkala

    Thu, Aug 22 2019

    A little over five months ago (on September 26, 2018), the Supreme Court rendered its landmark verdict on the Aadhaar Act, declaring, among other things, the use and commercial exploitation of biometric and demographic information of individuals by private entities as unconstitutional. The court also called upon the Union of India.
    A comparison of the original bill with the Amendment bill reveals more changes done during the amendment. However, the main concern of privacy and security of data around Aadhaar remains unaddressed in the amendment.
    A Gravely Flawed Ordinance, which may need clarification or amendments:

    1. Allowing private agencies to use Aadhaar contradicts the statement of objects and reasons of the Bill.
    2. Issues with sharing information collected under Aadhaar
    3. Disclosure of information to intelligence or law enforcement agencies
    4. Potential to profile individuals
    5. UID authority’s exclusive power to make complaints
    7. Collection of personal information
    8. Ambiguity in specifying biometric information
    9. The time period for maintaining authentication records
    10. Does the Aadhaar Judgment Solve the Problem of Exclusion?
    11. Have Data Security Problems Been Addressed?
    It may become possible to track an individual’s activities across multiple domains of service (AUAs) using their global Aadhaar IDs which are valid across these domains. This would lead to identification without consent.
    There may be unauthorized use of biometrics to illegally identify people. Such violations may include identifying people by inappropriate matching of fingerprint or iris scans or facial photographs stored in the Aadhaar database, or using the demographic data to identify people without their consent and beyond legal provisions.

    The BJP is directly responsible for data theft passing 'Aadhaar bill' through ordinance without having 'Data protection law'.
    Jai Hind


  • Mangalurian, Mangaluru

    Thu, Aug 22 2019

    The Digital India will not stop until every hacker in the world has acquired info on every Indian's personal information.

    Long live Digital India!
