
India’s healthcare sector has become an increasingly attractive target for cybercriminals, with a significant surge in cyberattacks in recent years. This is largely because the rapid digitization of healthcare services (EHRs, telemedicine, IoMT) has often outpaced the development of robust cybersecurity infrastructure. India’s healthcare sector reportedly faces significantly more weekly cyberattacks than the global average.

Here are some significant cyberattack examples in India’s medical and related sectors:

1. AIIMS Delhi Ransomware Attack
- Date: November 23, 2022
- Type of Attack: Ransomware
- Data Impact: This was a highly significant attack that affected the All India Institute of Medical Sciences (AIIMS), a premier medical institution. The attack led to the encryption of approximately 1.3 terabytes of data across five servers. While no definitive figure for compromised patient records was released, reports suggested that records of up to 40 million patients could have been impacted, including their complete medical histories. The incident severely disrupted hospital operations, leading to manual patient registration, appointment scheduling, and diagnosis for weeks.
- Financial Loss: While no ransom was publicly acknowledged or paid by AIIMS, the attackers allegedly demanded around INR 200 crore (approximately USD 24 million at the time) in cryptocurrency. The operational disruption and recovery costs were substantial, though specific figures were not made public.

2. Indian Council of Medical Research (ICMR) Cyberattack
- Date: October 2022 (reported late 2023)
- Type of Attack: Distributed Denial of Service (DDoS) and potential data exfiltration.
- Data Impact: While initial reports focused on a DDoS attempt, later investigations and reports suggested a more severe breach. It was reported that the personally identifiable information (PII) of 81 crore (810 million) Indians was potentially lost or exposed. This would include extremely sensitive demographic and potentially health-related data collected by ICMR.
- Financial Loss: The financial loss associated with this specific incident was not publicly detailed, but a data breach of this scale would entail immense costs for investigation, remediation, potential legal action, and reputational damage.

3. Apollo Hospitals Data Exposure
- Date: January 2025 (discovery date)
- Type of Attack: Vulnerability leading to exposure of sensitive files.
- Data Impact: Security researchers uncovered SQL injection flaws, reverse shells, and unsecured URLs exposing live patient data within one of Apollo’s subsidiary websites. The leaked files included scanned copies of Aadhaar, PAN, passports, vaccination reports, patient medical records, resumes of job applicants, payment gateway credentials, and backend source code. This indicates a severe data protection failure potentially compromising the personal and medical records of “lakhs of patients” (hundreds of thousands).
- Financial Loss: The full financial impact is yet to be determined, as Apollo Hospitals had not publicly commented on the breach when it was first reported. However, breaches involving such sensitive and extensive personal data lead to significant legal, compliance, and reputational costs.

4. CoWIN Portal Data Leak (Multiple Incidents)
- Date: Various incidents, notably June 2023.
- Type of Attack: Data leak via a bot on Telegram, likely from previously breached or stolen data, though officials denied a direct breach of the CoWIN database.
- Data Impact: This series of incidents involved the exposure of names, Aadhaar national IDs, mobile numbers, voter IDs, passports, and COVID vaccination status of millions of individuals who registered on the CoWIN portal for vaccination. While the government stated the CoWIN database itself was not directly breached, the sensitive data was accessible, raising significant privacy concerns.
- Financial Loss: The direct financial loss to the government or individuals is hard to quantify, but such widespread data exposure makes individuals vulnerable to scams, identity theft, and harassment, leading to potential financial losses for them.

5. Sun Pharmaceutical Industries Cyberattack
- Date: 2023
- Type of Attack: Cyberattack disrupting operations (details kept confidential).
- Data Impact: Sun Pharmaceutical Industries, a major player in the Indian pharmaceutical sector, faced a cyberattack that disrupted its operations. While the company disclosed the breach, specific details regarding the perpetrators or the extent of data compromised remain unclear. This incident highlighted the vulnerability of critical healthcare infrastructure and the potential impact on patient safety and data integrity within the pharmaceutical supply chain.
- Financial Loss: Specific financial impacts were not publicly disclosed, but disruptions to operations and potential data loss for a major pharmaceutical company would lead to significant financial and reputational damage.

These cases highlight that the Indian healthcare sector faces not only global threats such as ransomware but also persistent issues such as inadequate security awareness, outdated legacy systems, and the vast amount of easily exploitable digitized data. The financial and data losses are substantial, and the impact on patient trust and safety is a growing concern.

📞 Cybercrime Helpline: Dial 1930 (Available 24/7)
🌐 Report Online: www.cybercrime.gov.in
🏦 Bank Fraud: Contact your bank’s customer care and RBI Ombudsman at www.rbi.org.in
📩 Fake Trading/Investment Scams: Report to SEBI via www.scores.gov.in