On Monday, CloudSEK, a cybersecurity platform, revealed that a threat actor known as “UsNsA” has shared a database of the Portal for Health Informatics (PHI) at IIIT Delhi on an English-speaking cybercrime forum in exchange for forum credits.
The compromised database contains sensitive information, including emails, names, years, internal healthcare and vaccine development-related documents, and research papers. This incident has raised significant concerns about data security and privacy, CloudSEK said in a statement.
The Portal for Health Informatics (PHI) is an essential web platform offered by IIIT Delhi that serves bioinformatics, health informatics, and genomics communities. PHI supports biologists in vaccine development and drug designing by providing servers, databases, and scientific computation tools in the healthcare domain.
CloudSEK’s XVigil detected the data breach on July 25, 2023, when the threat actor, UsNsA, shared the PHI-IIIT Delhi database on a cybercrime forum. The leaked database consists of 82 files totalling approximately 1.8 GB, containing sensitive information such as usernames, email addresses, and various internal healthcare-related documents.
CloudSEK said in the statement that the threat actor exploited a SQL injection vulnerability on the PHI Portal website to gain unauthorized access and exfiltrate the database, potentially using SQLMap, a widely used open-source penetration testing tool for detecting and exploiting SQL injection vulnerabilities in web applications.
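The report does not describe the PHI Portal’s code, so the following is an added illustration, not CloudSEK’s finding or IIIT Delhi’s code. It assumes a hypothetical paper-search endpoint backed by SQLite with a constructed schema (a `users` table and a `papers` table with an `internal` flag). It shows why string-built SQL is exploitable: one injected input widens a public search to internal rows, another appends a UNION that pulls usernames and emails out of a different table, which is the same enumerate-and-dump pattern a tool like SQLMap automates. The parameterized version receives the identical input and returns nothing, because the input is bound as data rather than parsed as SQL.

```python
import sqlite3

# Constructed sample data standing in for a portal's backend.
# This is an assumption for illustration, not the real PHI-IIIT Delhi schema.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password_hash TEXT);
        INSERT INTO users (username, email, password_hash) VALUES
            ('alice', 'alice@example.org', 'hash1'),
            ('bob',   'bob@example.org',   'hash2');
        CREATE TABLE papers (id INTEGER PRIMARY KEY, title TEXT, internal INTEGER);
        INSERT INTO papers (title, internal) VALUES
            ('Public dataset note', 0),
            ('Internal vaccine memo', 1);
    """)
    return conn

# Vulnerable: the user-supplied search term is concatenated straight into SQL,
# so quotes and keywords in the term change the query's structure.
def search_public_papers_vulnerable(conn, term):
    sql = "SELECT title FROM papers WHERE internal = 0 AND title LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

# Hardened: the term is bound as a parameter. Whatever it contains, the query
# stays "title LIKE <one string>" and only the intended rows can come back.
def search_public_papers_safe(conn, term):
    sql = "SELECT title FROM papers WHERE internal = 0 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]

# Payload 1: closes the quoted pattern and makes the WHERE clause always true,
# which drops the internal = 0 restriction. "--" comments out the trailing %'.
TAUTOLOGY_PAYLOAD = "' OR 1=1 --"

# Payload 2: closes the pattern and UNIONs in a single-column SELECT from a
# different table, turning a paper search into a credential/email dump.
UNION_PAYLOAD = "' UNION SELECT username || ':' || email FROM users --"

# Payload 3: the enumeration step tools like SQLMap perform first, reading the
# schema from SQLite's catalog table to learn which tables exist.
SCHEMA_PAYLOAD = "' UNION SELECT name FROM sqlite_master WHERE type = 'table' --"

def run_demo():
    conn = setup_db()
    return {
        "benign_vulnerable": search_public_papers_vulnerable(conn, "dataset"),
        "benign_safe": search_public_papers_safe(conn, "dataset"),
        "tautology_vulnerable": sorted(search_public_papers_vulnerable(conn, TAUTOLOGY_PAYLOAD)),
        "tautology_safe": search_public_papers_safe(conn, TAUTOLOGY_PAYLOAD),
        "union_vulnerable": sorted(search_public_papers_vulnerable(conn, UNION_PAYLOAD)),
        "union_safe": search_public_papers_safe(conn, UNION_PAYLOAD),
        "schema_vulnerable": sorted(search_public_papers_vulnerable(conn, SCHEMA_PAYLOAD)),
        "schema_safe": search_public_papers_safe(conn, SCHEMA_PAYLOAD),
    }

if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name}: {rows}")
```

Parameterization is the fix that removes the bug class; input filtering on its own is what SQLMap’s tamper scripts exist to get around. The same separation of code from data applies to any database driver, whether the placeholder is `?`, `%s`, or `$1`.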
“The compromise of the database of Portal of Health Informatics, IIIT Delhi, underscores the critical need for continuous vigilance in the face of ever-evolving cyber threats & risks. The use of an open-source tool to gain unauthorised access and leak of the data serves as a stark reminder of the potential harm that can arise in the near future. The healthcare industry’s susceptibility to exploitation due to its ease of targeting makes it even more vulnerable to attacks,” said cyber threat researcher Abhinav Pandey.
The threat actor, UsNsA, has a history of sharing databases from various countries, including Indonesia, Thailand, and Hong Kong. “The impact of this data breach is significant and may lead to initial access to the company’s infrastructure, and account takeovers if leaked data is not encrypted or protected properly,” CloudSEK stated.