Healthcare data breach detected on IIIT Delhi’s informatics platform

The PHI is is an essential web platform offered by IIIT Delhi that serves bioinformatics, health informatics, and genomics communities. 

A data breach at the Portal for Health Informatics (PHI) of IIIT Delhi was detected recently, which included 10,842 emails from 6,500 domains, internal healthcare files, and user details.

CloudSEK’s XVigil detected the breach on July 25 and found that a threat actor named “UsNsA” shared the sensitive data on a cybercrime forum. The breach resulted from a SQL injection vulnerability.

According to the report, the leaked database consists of 82 files, which are approximately 1.8 GB in size and contains sensitive information such as usernames, email addresses, and various internal healthcare-related documents. Findings include:
  • 10,842 emails in the collection from around 6,500 unique domains and 29,000 unique URLs.
  • Internal data files related to ovirustdb, leukemiabd, indiabiodb, HIV, and more.
  • Tables such as bacvacdb, cancerdp, PHPMyadmin, dengi, and Crud were present in the leaked database.
  • Usernames obtained from the DotProject Contacts Table, including admin, test, Vikram, mouli, osddadmin, osdduser11, and user31.
  • However, IIIT Delhi told CNBC-TV18 that the though the said data sets are available on the website, they do not contain any personal information.

    “The platform in question is specifically designed to host non-sensitive, openly available datasets that can be used by researchers for further research purposes only. It does not contain any personal data, including emails, user details, or sensitive healthcare files,” a statement from the institute read.

    UsNsA has a history of sharing databases from other countries. The impact could lead to infrastructure access, account takeovers, and ransomware attacks.

    CloudSEK informed IIIT Delhi and the authorities. Organisations are advised to investigate, enhance security, encrypt data, and monitor for misuse. Cybersecurity vigilance is crucial to protect sensitive information and maintain user trust in the healthcare industry.

    The PHI is an essential web platform offered by IIIT Delhi that serves bioinformatics, health informatics, and genomics communities.

    By offering servers, databases, and scientific computation tools in the healthcare sector. PHI assists biologists in the production of vaccines and pharmaceuticals.


    Leave a Reply

    Your email address will not be published. Required fields are marked *