A threat actor is selling patients’ medical records from a Tamil Nadu-based hospital, Sree Saran Medical Centre. The healthcare entity is a multispecialty hospital that serves numerous patients in its region.
Based on reports, a researcher claimed that a threat actor is offering patient information from the Indian hospital on the dark web. Separate researchers have also spotted a post that advertises the sale of sensitive details from a Chennai-based provider of business and consulting services.
The researchers believed that authorities should classify the campaign as a supply chain attack since it first targeted the impacted hospital’s IT vendor. Using the vendor’s systems as an initial foothold, the threat actors could steal Protected Health Information and Personally Identifiable Information of the hospital’s clients and patients.
The malicious threat actor who offers the Sree Saran Medical Centre patient information has shared records from the past.
The data seller showed a sample as evidence for potential purchasers, revealing records made more than a decade ago at Sree Saran Medical Centre. The data contained 150,000 patient records, including names, guardian names, addresses, dates of birth, and attending physicians’ details.
The troves of information have been put up for sale on well-known hacker forums and a Telegram channel that potential customers frequently visit.
The database is offered for about $100, implying that the sellers want to sell the data to multiple customers. However, a buyer looking for an exclusive right to the database could pay approximately $300. On the other hand, if a buyer wants to resell the database copies, the seller will charge them about $400.
Furthermore, the researchers stated that the vendor has no direct evidence that the software vendor for the Sree Saran Medical Centre is where they got the patients’ data, meaning the source might be someone other than the provider.
Organisations should assess the security rating of their vendors to ensure that they comply with requirements, and to mitigate threats that could lead to cybercriminal activity posing a greater risk.