Hackers Stole 68 Lakh Records After Hacking Indian Healthcare Website

On August 22, a US cybersecurity firm called FireEye revealed that hackers stole 68 lakh records with information of doctors and patients after successfully hacking a leading Indian healthcare website.

The name of the website was not disclosed. FireEye also mentioned that cybercriminals, most of whom are from China, are selling stolen data from healthcare web portals and organizations in the underground markets globally. India is also on the list.

In its report, FireEye said that back in February, a hacker called “fallensky519” stole 6,800,000 records from a healthcare website in India. The records include patient information and PII, doctor information, credentials, and PII.

From Oct 1, 2018, to March 21, 2019, multiple healthcare-related databases can be found for sale for under $2,000 on underground forums.

FireEye stated that the trend continues to persist with China’s persistent threat groups focusing on buying healthcare research, especially cancer-related one.

It is indicated in open source reports that in China, in recent decades, cancer has become the leading cause of death with the mortality rates increased significantly.

Financial may be another possible motivation for the activity of APT. China has one of the fastest-developed pharmaceutical industry, generating profit-making opportunities for domestic companies, especially those focusing on oncology services or treatments.

The report wrote that by acquiring medical data and research, Chinese corporations could have more information to speed up the process of developing and releasing new drugs on the market.

In April this year, “EVILNUGGET” malware was used by Chinese actors to attack a US health center specializing in cancer research.

In prior years, this same organization had been the target of Chinese group APT22. This group has always been focusing on healthcare, pharmaceutical, and biomedical organizations.

Also in April, MD Anderson Cancer Research fired several researchers, citing stealing medical research as the reason.

FireEye has observed that Chinese hackers tend to target dataset including personally identifiable information or PII as well as Protected Health Information or PHI.

Also according to FireEye, China-based hacker groups are not the only ones targeting healthcare-related information as there are other groups from other countries as well, including APT28 from Russia.

The report emphasized that institutions’ valuable research continues to become the main target of nation-state actors wanting to boost their domestic industries.

As there are more and more biomedical devices introduced on the market, they become hackers’ attractive target for cyberattacks.