New Delhi: The personal details of citizens that have been uploaded on the government portal CoWIN during the nationwide COVID-19 vaccination programme have been made available on Telegram for anyone to access freely.
Verified independently by Malayala Manorama newspaper and tweeted by Saket Gokhale, National Spokesperson, All India Trinamool Congress. Gokhale tweeted, “There has been a MAJOR data breach of Modi Govt where personal details of ALL vaccinated Indians including their mobile nos., Aadhaar numbers, Passport numbers, Voter ID, Details of family members etc. have been leaked & are freely available.”
Listing down names of some prominent personalities in his tweet, Gokhale named Derek O’Brien, Rajya Sabha MP & TMC Leader, Former Union Minister P Chidambaram, Congress leaders Jairam Ramesh & KC Venugopal and Deputy Chairman Rajya Sabha Haribansh Narayan Singh, Rajya Sabha MPs Sushmita Dev, Abhishek Manu Singhvi, & Sanjay Raut, Rajdeep Sardesai of India Today, Barkha Dutt of Mojo Story, Dhanya Rajendran of The NewsMinute and Rahul Shivshankar of Times Now in his Twitter thread. Leaked details include PAN card number, Aadhaar no, Passport no, phone number etc.
The details could be accessed by either entering the phone number or the Aadhaar card number. For citizens who had registered themselves on CoWIN, the details were available in the first instance and also the details of the family members who were registered through the same phone number were freely accessible on Telegram.
Commenting on the breach, Saurabh Daga, Associate Project Manager of Disruptive Tech at GlobalData remarked, “The breach indicates that there might be loopholes in the existing security policies. These need to be reviewed and updated to prevent similar incidents in the future.”
“Cyberattacks in the healthcare segment have been increasing in recent years. The healthcare sector possesses valuable personal data, making it an attractive target for hackers. Cybersecurity has thus become one of the key issues for healthcare providers,” added Daga.
According to GlobalData, cybersecurity spending worldwide in healthcare accounted for $6.04 billion in 2022 and is expected to touch $8.82 billion by 2026, growing at a CAGR of 9.9 per cent.
Trishneet Arora, Founder & CEO, TAC Security believes that every incident is unique but some of the standard measures to take are to isolate and contain the systems to prevent the spreading of the attack, preserve evidence, engage cybersecurity experts and conduct a thorough investigation and last but not least, implement security patches and updates. “It is unfortunate but true that the healthcare industry has been increasingly targeted by cybercriminals. This is primarily due to the value and sensitivity of the data held within healthcare systems, including personal health information and financial data. Implementing strong cybersecurity measures is crucial to protect against cyber threats,” commented Arora.
Implementing strong access controls, encrypting data, conducting regular security audits, providing comprehensive employee training, and developing an incident response plan can help prevent such security breaches. Regular checks and software upgrades are crucial in maintaining a secure environment. Cyber threats constantly evolve, and new vulnerabilities are discovered regularly. Regular checks can help identify and patch vulnerabilities promptly, reducing the risk of exploitation. Software upgrades often include security patches that address known vulnerabilities, making them vital for maintaining a secure system.
“A proactive approach to cybersecurity, including implementing robust measures, conducting regular checks, and staying up to date with software upgrades, is essential in the healthcare sector to protect sensitive data and prevent cyberattacks,” said Daga.
As of this writing the Telegram bot has been blocked but there is no official statement on the breach from the Government of India, ETHealthworld reached out to some of the largest hospital chains in India who preferred not to comment on the subject.
