New Delhi: the personal data of citizens have been uploaded to the government portal CoWIN during the national vaccination program against COVID-19 have been made available in Telegram for anyone to freely access.
Independently verified by Malayala Manorama newspaper and tweeted by Saket Gokhale, National Spokesperson, All India Trinamool Congress. Gokhale tweeted: “There has been a BIG Modi Govt data breach where the personal details of ALL vaccinated Indians including their mobile numbers, Aadhaar numbers, passport numbers, voter ID, family member details, etc., have been leaked and are freely available. ”
Listing the names of some prominent personalities in his tweet, Gokhale named Derek O’Brien, TMC leader and Rajya Sabha MP, former Union Minister P Chidambaram, Congress leaders Jairam Ramesh and KC Venugopal and Rajya Sabha Vice President Haribansh Narayan Singh, Rajya Sabha MPs. Sushmita Dev, Abhishek Manu Singhvi and Sanjay Raut, India Today’s Rajdeep Sardesai, Mojo Story’s Barkha Dutt, The NewsMinute’s Dhanya Rajendran and Times Now’s Rahul Shivshankar on their Twitter thread. The leaked details include PAN card number, Aadhaar number, passport number, phone number, etc.
Details can be accessed by entering phone number or Aadhaar card number. For citizens who had registered with CoWIN, the details were available in the first instance and also the details of family members who were registered through the same phone number were freely accessible on Telegram.
Commenting on the breach, Saurabh Daga, Associate Project Manager for Disruptive Tech at GlobalData, commented: “The breach indicates that there could be loopholes in the existing system. security politics. These need to be reviewed and updated to prevent similar incidents in the future.”
“Cyberattacks in the health segment have been increasing in recent years. The healthcare industry holds valuable personal data, making it an attractive target for hackers. Cybersecurity has thus become one of the key issues for healthcare providers,” added Daga.
According to GlobalData, worldwide cybersecurity spending in healthcare accounted for $6.04 billion in 2022 and is expected to reach $8.82 billion by 2026, growing at a CAGR of 9.9 percent.
Trishneet Arora, founder and CEO of TAC Security, believes that each incident is unique, but some of the standard measures to take are to isolate and contain systems to prevent the spread of the attack, preserve evidence, engage security experts cyber security and conduct thorough investigation and last but not least, implement security patches and updates. “It is unfortunate but true that the healthcare industry has been increasingly targeted by cybercriminals. This is primarily due to the value and confidentiality of data found within healthcare systems, including personal health information and financial data. Implementing strong cybersecurity measures is crucial to protect against cyberthreats,” Arora said.
Implementing strong access controls, encrypting data, conducting regular security audits, comprehensive employee training, and developing an incident response plan can help prevent such security breaches. Regular checks and software updates are crucial to maintaining a secure environment. Cyber threats are constantly evolving and new vulnerabilities are discovered regularly. Regular checks can help identify and patch vulnerabilities quickly, reducing the risk of exploitation. Software updates often include security patches that address known vulnerabilities, making them vital to maintaining a secure system.
“A proactive approach to cybersecurity, including implementing robust measures, performing regular checks, and maintaining software updates, is essential in the healthcare sector to protect sensitive data and prevent cyberattacks,” Dagger said.
As of this writing, the Telegram bot has been blocked, but there is no official statement on the breach from the Government of India. ETHealthworld contacted some of India’s largest hospital chains, who declined to comment on the matter.
