Exposed Unsecured Health Department Medical Database of Northern India Government
Who: Department of Medical, Health and Family Welfare of a state in northern India.
# of Accounts Breached: More than 12.5 million
What was affected: The database was eventually secured with the help of the Computer Emergency Response Team (CERT) of India, but the entire process took three weeks, during which time the server and the medical records remained exposed for anyone to download.
When it happened: March 2019
How it happened: The database was discovered by Bob Diachenko, a security researcher with cyber-security consulting firm Security Discovery, in early March 2019.
The researcher’s initial attempts to secure the server were unsuccessful. Due to the nature of the data, the researcher contacted ZDNet for help, but our efforts to contact the government agency were similarly unfruitful.
Outcome: The database was eventually secured with the help of the Computer Emergency Response Team (CERT) of India, but the entire process took three weeks, during which time the server and the medical records remained exposed for anyone to download.