Ministry of AYUSH website in Jharkhand breached

In a data breach on the official website of the Ministry of AYUSH in Jharkhand, confidential details of several patients were reportedly leaked. AYUSH is a crucial resource offering information on Ayurveda, Yoga, Naturopathy, Unani, Siddha, and Homoeopathy treatments. The website contains a database totalling 7.3 MB, containing over 3.2 lakh patient records, with personally identifiable information and medical diagnoses. 

What is even more alarming is that the compromised data extends to include sensitive information about doctors, encompassing their PII, login credentials, usernames, passwords, and contact numbers. 

Cybersecurity firm CloudSEK was the first to report the data breach on the website. 

CloudSEK explained the source of this breach to the servers of the websi, which are developed by bitsphere.in.

“The link between the compromised data and Ayush Jharkhand's website was established by cross-referencing chatbot and blog post data shared by the threat actor with publicly accessible data on the website,” the firm said in a statement. 

According to CloudSEK, approximately 500 login credentials and contact information of 737 individuals who used the "Contact Us" form have been exposed. Along with that, 472 records containing PII details of doctors, PII data of 91 doctors, along with information about their postings, have been breached. 

The ramifications of this data breach are substantial and could lead to account takeovers as a result of leaked data, brute force attacks exploiting common or weak passwords and even increased vulnerability to sophisticated phishing attacks.