Exposed Unsecured Health Department Medical Database of Northern India Government

2019, April, Breaches

Who: Department of Medical, Health and Family Welfare of a state in northern India.

# of Accounts Breached: More than 12.5 million

What was affected: The database was eventually secured with the help of the Computer Emergency Response Team (CERT) of India, but the entire process took three weeks, during which time the server and the medical records remained exposed for anyone to download.

When it happened: March 2019

How it happened: The database was discovered by Bob Diachenko, a security researcher with cyber-security consulting firm Security Discovery, in early March 2019.
The researcher’s initial attempts to secure the server were unsuccessful. Due to the nature of the data, the researcher contacted ZDNet for help, but our efforts to contact the government agency were similarly unfruitful.

Outcome: The database was eventually secured with the help of the Computer Emergency Response Team (CERT) of India, but the entire process took three weeks, during which time the server and the medical records remained exposed for anyone to download.

Malcare WordPress Security