In yet another COVID-19 data breach, the database from Ayushman Bharat and Arogya Karnataka, the government-promoted public insurance schemes, has been leaked. The user claims that the database contains the details of hospitals registered under the scheme.
The sample listed with the post indicates that the leaked data reportedly includes information from regions including Bengaluru (Bangalore).
The data was allegedly leaked from hospital registration information, which includes COVID-19-related treatment and insurance information, from arogya.karnataka.gov.in. There are currently 421 hospitals and 2263 primary heathcare centres registered under the Arogya Karnataka Scheme.
The total COVID-19 cases registered in Karnataka till date is more than 4 million, which is much more than the respective populations of US states such as Oklahoma, Connecticut, Utah, Iowa, Nevada, and Mississippi.
The Cyber Express is yet to receive replies to our requests for comments sent to the state ministry of health and the state department of health.
COVID-19 Patient Data Breach and India
This is the latest in the stream of COVID-19 patient data India faced since the onset of the disease, when government started maintaining databases. According to the official government data, India had a total of 44.7 million cases and 0.53 million deaths as of February 20.
In January 2022, a government server in India was breached, resulting in the exposure of personal data belonging to more than 20,000 people. This includes their name, mobile number, address, and Covid test results.
This sensitive information could be easily accessed through an online search, tweeted cybersecurity researcher Rajshekhar Rajaharia.
Another public health data breaches came to light around the same time, when an investigation by The Probe showed that district health authorities were uploading citizens’ Covid-19 data directly on their website without any security measures in place.
COVID-19 Patient Data Breach: Not a new thing
Last year, a blackhat hacker claimed to have hacked the information of 48.5 million Shanghai’s Covid-19 app users. On August 10, 2022, the claim was made by a user named “XJP” on the Breach Forums. The alleged actor also posted an offer of $4,000 for potential buyers of the data.
In his post, “XJP” shared a piece of stolen data, including the phone numbers, names, 18-digit Chinese identification numbers, and health code status of citizens. The hacker also shared details of 47 people in the post, and the UK-based news agency “Reuters” confirmed with eleven of the people from the data leak that they were listed in the samples.
Meanwhile, the agency (Shanghai Big Data Center) said they were only responsible for the program’s development and rejected any accusation that the data was leaked through them.