CloudSEK’s XVigil AI digital risk platform detected a concerning post on an English-speaking cybercrime forum where a database of PHI-IIIT Delhi (Portal for Health Informatics at the Indraprastha Institute of Information Technology, Delhi) was shared in exchange for forum credits. This data breach involved the compromise of 82 databases, containing sensitive information such as emails, names, internal healthcare documents, vaccine development records, and research papers.
Notably, a portion of the leaked database is accessible to the public through the PHI Portal hosted on ERNET, an autonomous scientific society under the Ministry of Electronics and Information Technology in India.
The PHI Portal is IIIT Delhi’s web portal for bioinformatics, health informatics, and genomics, supporting research in vaccine development and drug design. The leaked data exposed vulnerabilities, and the threat actor “UsNsA” used a SQL injection vulnerability on the PHI Portal website to gain unauthorized access and extract the database.
The leaked MySQL User table revealed sensitive information, including usernames, hashed passwords, user privileges, and SSL type, posing significant risks.
The attack could give threat actors initial access to the company’s infrastructure, enable account takeovers if the leaked data is unencrypted or weak passwords are used, and expose it to sophisticated ransomware attacks.
To mitigate the consequences, immediate action to secure the PHI Portal’s systems and data is crucial, both to keep sensitive health informatics safe and to prevent further exploitation by malicious actors.