Cybersecurity researchers have discovered that the Ministry of AYUSH’s official website in Jharkhand has been breached, resulting in the exposure of more than 320,000 patient records on the dark web. The breached database, totaling 7.3 MB, contains personally identifiable information (PII) and medical diagnoses of patients.
The compromised data also includes sensitive details about doctors, such as their personal information, login credentials, usernames, passwords, and phone numbers. The breach was carried out by a threat actor named “Tanaka”. The website is a crucial resource for information on Ayurveda, Yoga, Naturopathy, Unani, Siddha, and Homoeopathy treatments. The researchers linked the compromised data to the Ayush Jharkhand website by cross-referencing chatbot and blog post data shared by the threat actor with publicly accessible information on the website.
The breach exposed approximately 500 login credentials, contact information of 737 individuals, 472 records containing PII details of doctors, PII data of 91 doctors, and information on their work locations. The cybersecurity experts have recommended several mitigation strategies, including implementing a strong password policy, enabling multi-factor authentication (MFA), promptly patching vulnerable endpoints, and prohibiting the sharing of unencrypted secrets on messaging platforms.