Hackers have sold personal data of 1.5 lakh patients of Sri Saran Medical Center in Tamil Nadu. Hackers have sold this data to Cybercrime Forum and a Telegram channel. CloudSEK, a firm providing information about cyber attacks, has given this information. According to CloudSEK, this data was allegedly obtained from a third party vendor, Three Cube IT Labs, and includes patient data from 2007 to 2011.
However, CloudSEK said it has no information whether ThreeCube is working as a software vendor for the Shree Saran Medical Center. The leaked data includes patients’ names, dates of birth, addresses, guardians’ names and doctor’s details. To verify the authenticity of the data, the hackers shared a sample as proof to potential buyers.
Data leak from medical center
CloudSEK researchers used the names of doctors in the database to identify the healthcare firm whose data was present in the sample. They were able to identify that these doctors work at Sri Saran Medical Center in Tamil Nadu. CloudSEK has now notified all stakeholders about the data breach.
Cyber attack on Delhi AIIMS
This incident of patient data sale in Tamil Nadu comes just a day after the cyber attack on the All India Institute of Medical Sciences (AIIMS) in Delhi, in which personal data of lakhs of patients was breached. Online hackers had advertised the patients’ data for a price of US$100, which meant that many copies of the database would be sold. For those who wanted to become the exclusive owner of the database, the price was increased to US$300. If someone wanted to buy and resell the database, the price was set at US$400.