After a cyberattack on AIIMS knocked out its servers, a threat actor is selling medical records of patients of a Tamil Nadu-based multispecialty hospital.
A report released by CloudSEK claims that patient data of Sree Saran Medical Centre in on sale by a threat actor. On November 22, 2022, CloudSEK discovered a post that advertised the sale of sensitive data sourced from Three Cube IT Lab India – a Chennai-based provider of business and consulting services.
“We can term this incident as a Supply Chain Attack, since the IT Vendor of the Hospital, in this case Three Cube IT Lab, was targeted first. Using the access to the vendor’s systems as initial foothold, the threat actor was able to exfiltrate Personally identifiable information (PII) and Protected Health Information (PHI) of their hospital clients,” said Noel Varghese, Threat Analyst, CloudSEK.