HMIS portal breached exposing data of 40 million patients
According to reports from cybersecurity researchers at CloudSEK, a pro-Russian hacker group called Phoenix has targeted the Indian Health Ministry website and infiltrated its Health Management Information System (HMIS). The hacker group allegedly gained access to the data of employees and chief physicians of all the hospitals in the country.
CloudSEK’s contextual AI digital risk platform, XVigil, suggests that the attack was motivated by sanctions imposed against the Russian Federation, which India decided to comply with. This resulted in several polls on Phoenix’s Telegram channel, where followers voted on potential targets.
According to the researchers, the Russian threat actors may now expose the stolen license documents and personally identifiable information (PII) on dark web forums and use them to commit document fraud.
Phoenix has been active since January 2022 and is known for using social engineering techniques to conduct phishing scams, steal passwords, and gain access to victims’ bank or e-payment accounts. The group has also conducted Distributed Denial of Service (DDoS) attacks against multiple entities in the past.
The Russian hacktivist group has previously targeted hospitals in Japan and the UK, as well as a US-based healthcare organization serving the US military, the report stated.
Late last year, the All India Institute of Medical Sciences (AIIMS) in Delhi fell victim to a massive ransomware attack in which Chinese involvement was suspected. Confidential data of approximately 40 million patients, including political leaders and other VIPs, was leaked in the attack.
The Indian Computer Emergency Response Team (CERT-In) analyzed the attack and concluded that it was caused by improper network segmentation. Another top hospital in the national capital, the Safdarjung Hospital, was also hit by cyber-criminals, but the attack was not as severe as the one faced by AIIMS-Delhi, as the majority of the hospital's work is done manually.