DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Why ransomware groups are targeting Indian pharma companies and the healthcare sector; ClearMedi allegedly hacked

Posted on July 5, 2023 by Dissent

Naandika Tripathi reports:

Just three months after a ransomware attack pulled down India’s largest drugmaker, Sun Pharmaceuticals, the threat actors went after another pharma company. Hyderabad-based Granules India was notified of a significant loss of revenue and profitability due to a cybersecurity attack in the last week of May.

[…]

From Dr. Reddy’s to the All India Institute of Medical Science (AIIMS), the pharma and healthcare sector have been experiencing an uptick in cyberattacks over the past few years, especially post-Covid-19. These incidents have put a spotlight on the weak cybersecurity infrastructure in the industry.

Read more at Forbes India.

The current news involving India is even worse than Ms Tripathi may know. Threat actors called 8Base have listed ClearMedi Health on their leak site and Telegram channel. “We have a large number of files. For demonstration, some of them are presented here. The entire amount of data has already been uploaded to the site, enjoy!” they wrote.

The leak site listing indicates that data from ClearMedi was downloaded on June 26 and published on their site on July 3. Unlike some other groups that give a victim weeks or even months to try to negotiate a payment, 8Base seems to move quickly. They describe the files that they have uploaded to their server as including:

  • Personal documents
  • Identity cards
  • Health insurance
  • Patient data (numbers\addresses\registration numbers and others)
  • Patient databases
  • Personal data of employees
  • Internal documents
  • Accounts
  • Financial documents
  • A huge amount of personal data and databases
  • Other

The upload is a 9-part archive with most of the parts being 10 GB each.

DataBreaches examined some of the files and confirmed that they contained patient information, such echocardiograph and doppler studies on named patients. The following figure is just the top portion of one such report with the patient’s name and UHID No. redacted by DataBreaches. Note that the date of this visit was May 22 of this year, showing that they obtained recent data.

 

A second file that DataBreaches examined (below) was a .csv file with 9,225 patient records from 2022 that showed patient’s name and ID, the purpose of their visit, what they paid, who referred them, and what facility the patient was seen at. The patient name and ID was redacted by DataBreaches:

Note that the figure above depicts only part of the fields. There were more fields to the right that included other details such as the patient’s date of birth, age, and their mobile telephone number, as well as other appointment-related details.

Finding no mention of any breach or service disruption on their website, DataBreaches emailed ClearMedi yesterday to ask about the data dump and 8Base’s claims, asking:

  1. Were you aware that you were the victim of a cyberattack with data theft?
  2. Did the attack and encryption of your system(s) affect patient care in any way?
  3. Did you try to negotiate with the criminals at all?
  4. Have you notified anyone of this breach?
  5. What are you doing in response to it?

No reply has been received by publication time. DataBreaches also sent some inquiries to 8Base through their contact form on their leak site, but has received no reply by publication.

In November 2022,  the All India Institute of Medical Sciences (AIIMS) was the victim of what appeared to be a ransomware attack. That hospital name appears in some of the leaked records for this incident, too.

Updated July 7:  8Base confirmed to DataBreaches that although they locked files, they did not touch any of ClearMedi’s critical infrastructure that would affect patient care.  They also confirmed that ClearMedi never contacted them. ClearMedi did not  reply to DataBreaches’ initial email and finding no notice or press release from them about any breach, a second email pointing them to this article and asking for a statement has now been sent.

 

No related posts.

Category: Breach IncidentsCommentaries and AnalysesHackHealth DataMalwareNon-U.S.

Post navigation

← Deputy U.S. Marshal Pleads Guilty to Obtaining Cell Phone Location Information Unlawfully
Au: Atherfield Medical & Skin Cancer Clinic victim of cyberattack by Cyclops →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.