Date: 2023-09-04

Confidential details of several patients were reportedly leaked in a data breach on the official website of the Ministry of AYUSH in Jharkhand, a crucial resource offering information on Ayurveda, Yoga, Naturopathy, Unani, Siddha, and Homoeopathy treatments.

Cybersecurity firm CloudSEK was the first to report the data breach on the website, whose database totals 7.3 MB and contains over 3.2 lakh patient records, with personally identifiable information (PII) and medical diagnoses.

Even more alarming, the compromised data also includes sensitive information about doctors, encompassing their PII, login credentials, usernames, passwords, and contact numbers.

CloudSEK pinpointed the source of this breach to the servers of the website, which are developed by bitsphere.in. “The link between the compromised data and Ayush Jharkhand's website was established by cross-referencing chatbot and blog post data shared by the threat actor with publicly accessible data on the website,” the firm said in a statement.

According to CloudSEK, approximately 500 login credentials and contact information of 737 individuals who used the "Contact Us" form have been exposed. In addition, 472 records containing PII details of doctors, and PII data of 91 doctors along with information about their postings, have been breached.

The ramifications of this data breach are substantial and could lead to account takeovers as a result of leaked data, brute-force attacks exploiting common or weak passwords, and even increased vulnerability to sophisticated phishing attacks.

CloudSEK has notified the affected organisation and advised mitigation.