A threat actor with a high reputation on a cybercrime forum is advertising sensitive information about a hospital’s patients. This data purportedly belongs to Tamil Nadu-based multispecialty hospital, Sree Saran Medical Center. This comes in the middle of a cybercrime crisis that AIIMS-Delhi is dealing with, with several servers down for the 10th straight day.
On November 22, cybersecurity firm CloudSEK discovered a post made by a threat actor, advertising sensitive data allegedly sourced from Three Cube IT Lab India, a provider of application development, business intelligence, and consulting services.
According to CloudSEK, a sample image with data records dated from the years 2007-2011 was shared as proof for potential buyers to inspect the authenticity of the data.
The data set is said to contain 1.5 lakh records of patient data including name, guardian name, date of birth, doctor’s details, and address information. The data was allegedly sourced from a compromised third-party vendor, Three Cube IT Lab.
The stolen data has been advertised on popular cybercrime forums and on a Telegram channel that is used to sell databases and is frequented by threat actors. However, CloudSEK claimed that it has no information that Three Cube IT Lab may be operating as a software vendor for Sree Saran Medical Center.
"We can term this incident as a Supply Chain Attack, since the IT Vendor of the Hospital, in this case, Three Cube IT Lab, was targeted first. Using the access to the vendor's systems as an initial foothold, the threat actor was able to exfiltrate Personally identifiable information (PII) and Protected Health Information (PHI) of their hospital clients," said Noel Varghese, Threat Analyst, CloudSEK.
"If sensitive secrets such as system passwords, VPN Credentials etc are found in the vendor's systems, then the adversary can gain access to Three Cube IT Labs' client infrastructure and maintain persistence on their systems, and exfiltrate PII and PHI of their hospital clients. This raises the risk of a Supply Chain Attack," Varghese explained.
CloudSEK also added that the database is advertised for $100 to anyone willing to pay for it. For actors seeking to be the exclusive owner of the database, the price is raised to $300, and if the owner intends to resell the database, the quoted price is $400.