A day after a Telegram bot provided access to the personal information of individuals who had reportedly registered for vaccination through the government’s CoWIN portal, an independent analysis by CloudSEK has shown that the threat actors do not have access to the entire portal or the backend database.
CloudSEK is a Singapore-based contextual AI company that claims it can forewarn cyber threats.
“Based on the matching fields from the Telegram data and previously reported incidents affecting health workers of a region, we assume the information was scraped through these compromised credentials,” CloudSEK said in a report.
“We found that the breach was that of health workers and not really an infrastructure breach. The content displayed on the screenshot matches with the Telegram bot mentioned in the media,” it said.
As per its exclusive HUMINT (human intelligence) analysis, CloudSEK said the data belonged to the Tamil Nadu region and the actor claimed access to this single region’s centre at that moment.
“The bot claimed to offer personally identifiable information (PII) data,” the report added.
The report said that in March a threat actor on a Russian cybercrime forum had advertised compromised access to the CoWin portal of the Tamil Nadu region and claimed to have compromised the CoWin database.
“There were numerous credentials of healthcare workers accessible on the dark web for the CoWin portal,” it said.
The Singapore-based firm highlighted the lack of adequate endpoint security measures, rather than any inherent weaknesses in CoWin's infrastructure security.
On June 12, the Union Health Ministry had said that the data in the CoWin portal is completely safe, calling the reports of a data breach “mischievous”.
"The CoWin portal of the Health Ministry is completely safe with safeguards for data privacy... Only OTP authentication-based access of data is provided,” a statement from the ministry said.
The bot is currently down and might come back up later, as mentioned by the admin of the channel, the report said.
‘Mandate health as critical infrastructure’
With the cyberinfrastructure of the health sector witnessing repeated attacks in the past few months, experts have called for mandating the segment as critical infrastructure.
The National Critical Information Infrastructure Protection Center (NCIIPC) includes sectors like power and energy, banking, telecommunication, transportation, strategic and public enterprises, and government, but healthcare is not a part of it.
“Government agencies involved in the healthcare industry should set up local governing bodies similar to that of HIPAA's (Health Insurance Portability and Accountability Act) that enacts compliance requirements, create awareness among users regarding cyber-attacks, online scams, and phishing campaigns, and set up policies for secure passwords and enable multi-factor authentication (MFA),” a CloudSEK researcher told Moneycontrol.
According to Future Crime Research Foundation (FCRF), the frequency of cybersecurity threats in the healthcare sector has grown due to the valuable data stored in healthcare systems, including personal medical records, financial information, and intellectual property.
“Such data is highly sought-after by cybercriminals for various purposes, including identity theft, financial fraud, and even for targeting medical devices,” said a cybersecurity researcher from FCRF, an IIT Kanpur-incubated think tank.
The researcher said that the government needs to undertake a comprehensive approach to enhance cybersecurity in the Indian healthcare sector.
The government and healthcare institutions must invest in robust cybersecurity infrastructure, including firewalls, intrusion detection systems, encryption mechanisms, and security information and event management (SIEM) systems, he added.
Meanwhile, Pavan Choudary, Chairman, the Medical Technology Association of India (MTaI), said the event was an alarm bell, and the government should ring-fence all data reservoirs.
“The recent attacks on AIIMS, ICMR, and, now, CoWin App make the passage of the Data Protection Bill become ever more urgent,” he added.
