NEW DELHI: Security analysts from cyber security firm CloudSEK claim that a Russian hacking organization called Phoenix allegedly breached the Health Management Information System (HMIS) of India’s Ministry of Health.
The group, which has been active since January 2022, is thought to have obtained access to all hospital data in India, including that of chief physicians and workers.
The assault is thought to be motivated by India’s decision to adhere to the G7-approved price limit for Russian oil and not to violate sanctions placed on the Russian Federation. Russian threat actors may sell exfiltrated license documents and personally identifiable information (PII) on cybercrime platforms and use them to commit document fraud.
Phoenix has been known to use social engineering tactics to trick victims into falling for a phishing scam in order to steal passwords and obtain access to bank or e-payment accounts. They have also engaged in hardware hacking and unlocked stolen or lost iPhones in order to resell them in Kiev and Kharkiv via a network of controlled stores. The group has previously targeted hospitals in Japan and the United Kingdom, as well as a US-based healthcare organization that serves US troops.
The All India Institute of Medical Sciences (AIIMS) in Delhi was the target of a ransomware attack in late 2022, possibly compromising the confidential data of at least 40 million patients, including political leaders and other VIPs. Chinese involvement in the attack was assumed. The attack was triggered by improper network segmentation, according to the Indian Computer Emergency Response Team (CERT-In). The national capital’s Safdarjung Hospital was also targeted by cyber-criminals, though the attack was less severe than that of AIIMS-Delhi, and the chances of data leaks were lower because the hospital predominantly operates in manual mode.
The newest attack emphasises the importance of healthcare institutions implementing robust cybersecurity measures to protect sensitive patient information. To avoid similar attacks in the future, the Indian government should strengthen its cybersecurity infrastructure and collaborate with international partners.