3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums
A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site
Published on September 4, 2023. Updated on November 6, 2023.
A threat actor using the name Tanaka shared a post titled “bitsphere.in” on an English-speaking hacking forum.
Ayush.jharkhand.gov.in is the Jharkhand state website of the Ministry of AYUSH and provides information on Ayurveda, Yoga and Naturopathy, Unani, Siddha and Homoeopathy systems of medicine.
The database is 7.3 MB in size and contains more than 3,20,000 (320,000) patient records, including patients' PII and medical diagnoses.
The database also holds doctors' PII and login information, including usernames, passwords and phone numbers.
Investigation of the data showed that it was taken from the servers of ayush.jharkhand.gov.in, a site developed by bitsphere.in.
The data was attributed to Ayush Jharkhand's website by correlating the chatbot and blog post data shared by the threat actor with the data publicly available on the website.
The post named a table from the SQL database and included sample records containing information about doctors.
Analysis and Attribution
Information from the Post
On 14 August, CloudSEK’s contextual AI digital risk platform XVigil discovered the threat actor Tanaka sharing a database labelled bitsphere[.]in on an English-speaking hacking forum.
Analysis of the database reveals that the following information has been leaked:
- More than 3,20,000 (320,000) patient records containing PII and medical diagnoses.
- 500 login credentials, several of them with cleartext passwords.
- Contact information of 737 people who used the “contact us” form.
- 472 records containing PII of doctors.
- PII of 91 doctors along with information about where they are posted.
Correlation between the data shared by the threat actor and the data present on ayush.jharkhand.gov.in’s website
The content of the “blogs” table is identical to the blog content on the Ayush website.
The chatbot on the Ayush Jharkhand website returns the same responses as those stored in the “chatbot_ayush_reply” table of the leaked database.
Impact & Mitigation
Impact
The leaked credentials could enable account takeovers.
Commonly used or weak passwords in the leaked set could be brute-forced.
The personal and medical details would equip malicious actors with what they need to launch convincing, targeted phishing attacks.
Mitigation
Implement a strong password policy and enable MFA (multi-factor authentication) across logins.
Patch vulnerable and exploitable endpoints.
Do not store unencrypted secrets in Git repositories.
Do not share secrets unencrypted over messaging systems such as Slack or WhatsApp.
Monitor for anomalies in user accounts, which could indicate possible account takeovers.
Scan repositories to identify exposed credentials and secrets.
Monitor cybercrime forums for the latest tactics employed by threat actors.
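The mitigations above call for keeping secrets out of Git repositories and scanning repositories for exposed credentials. The following Python script is an added example, not CloudSEK's or bitsphere.in's code, that shows the two detection approaches such a scan typically combines: a keyword rule for assignments like `PASSWORD = '...'` and a Shannon-entropy rule for unlabelled random-looking tokens. The file paths and all values in `SAMPLE_FILES` are constructed for the example; values read from the environment are treated as placeholders rather than findings, and every reported value is redacted so the scan output itself does not leak.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample "repository" contents (hypothetical paths and fake values).
SAMPLE_FILES: Dict[str, str] = {
    "config/settings.py": (
        "DEBUG = False\n"
        "DB_PASSWORD = 'Summer2023!'\n"                       # hard-coded secret
        "ADMIN_PASSWORD = os.environ.get(\"ADMIN_PASSWORD\")\n"  # read from env: fine
        "DB_HOST = 'localhost'\n"
    ),
    "scripts/deploy.sh": (
        "#!/bin/sh\n"
        "export API_KEY=AKIAEXAMPLEFAKEKEY00\n"               # fake key, keyword rule
        "echo deploying\n"
    ),
    "README.md": "Run `make test` before pushing.\n",
    "notes.txt": "Staging bearer: Zq9vT3xLm8Wp2KdR7yNs4Bc6HjF1Ga5E (rotate me)\n",  # fake token
}

# Rule 1: a secret-like name assigned a literal value (KEY = 'value', key: value, KEY=value).
KEYWORD_RE = re.compile(
    r"(?i)(password|passwd|pwd|secret|api[_-]?key|token)\s*[=:]\s*['\"]?([^'\"\s]+)"
)
# Rule 2: long tokens made of typical secret alphabets; judged by entropy below.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-+/=]{20,}")
ENTROPY_THRESHOLD = 3.5  # bits per character; random base62 tokens score well above this

# Values that reference configuration rather than embed it are not findings.
PLACEHOLDER_PREFIXES = ("os.environ", "${", "%(", "<", "process.env")


@dataclass
class Finding:
    path: str
    line_no: int
    kind: str            # "keyword" or "high_entropy"
    key: Optional[str]   # the matched variable name, if any
    redacted: str        # never the full value


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical character distribution."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(value: str) -> bool:
    return value.startswith(PLACEHOLDER_PREFIXES)


def redact(value: str) -> str:
    return f"{value[:3]}...({len(value)} chars)"


def scan_text(path: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        already_reported = set()
        for m in KEYWORD_RE.finditer(line):
            key, value = m.group(1), m.group(2)
            if is_placeholder(value):
                continue
            findings.append(Finding(path, line_no, "keyword", key, redact(value)))
            already_reported.add(value)
        for m in TOKEN_RE.finditer(line):
            token = m.group(0)
            # Skip tokens the keyword rule already reported on this line.
            if token in already_reported:
                continue
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, line_no, "high_entropy", None, redact(token)))
    return findings


def scan_repo(files: Dict[str, str]) -> List[Finding]:
    """Scan every (path, contents) pair; a real scan would walk the working tree."""
    findings: List[Finding] = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


if __name__ == "__main__":
    for f in scan_repo(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} [{f.kind}] {f.key or '-'} = {f.redacted}")
```

On the constructed input the scan reports the hard-coded `DB_PASSWORD`, the exported `API_KEY` and the unlabelled high-entropy token in `notes.txt`, while the environment lookup and the README produce nothing. The entropy rule deliberately stays silent on the short, human-chosen password `Summer2023!`; that is why both rules are needed, and why a strong password policy belongs beside repository scanning.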