As AIIMS-Delhi struggles to recover from a massive ransomware attack. Hackers are currently selling at least 1.5 lakh patients’ data records belonging to Tamil Nadu-based multi specialty hospital called Sree Saran Medical Center for hundreds of dollars on the Dark Web, cyber-security researchers revealed on Friday. The stolen database is advertised for $100, meaning that multiple copies of the database would be sold. For actors seeking to be the exclusive owner of the database, the price is raised to $300 and if the owner intends to resell the database, the quoted price is $400.
The cyber attack came on the heels of the massive AIIMS ransomware attack that has crippled nation’s premier healthcare institution for days.
The cyber attack came on the heels of the massive AIIMS ransomware attack that has crippled nation’s premier healthcare institution for days. According to security researchers from AI-driven cyber-security firm CloudSEK, the data fields being sold on the Dark Web include patient name, guardian name, date of birth, doctor’s details and address information. The data was allegedly sourced from a compromised third-party vendor, Three Cube IT Lab, the report claimed. However, CloudSEK said it had no information that ThreeCube may be operating as a software vendor for Sree Saran Medical Center.
“A sample was shared as proof for potential buyers to inspect the authenticity of the data. This data was found to be containing patient details from a hospital, based in Tamil Nadu. The sample image has data records dated from the years 2007-2011,” the report mentioned. CloudSEK’s AI digital risk platform XVigil discovered a post made by a threat actor, advertising sensitive data allegedly sourced from Three Cube IT Lab India. CloudSEK said it has informed all the stakeholders about the incident.