DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Why ransomware groups are targeting Indian pharma companies and the healthcare sector; ClearMedi allegedly hacked

Posted on July 5, 2023 by Dissent

Naandika Tripathi reports:

Just three months after a ransomware attack pulled down India’s largest drugmaker, Sun Pharmaceuticals, the threat actors went after another pharma company. Hyderabad-based Granules India was notified of a significant loss of revenue and profitability due to a cybersecurity attack in the last week of May.

[…]

From Dr. Reddy’s to the All India Institute of Medical Science (AIIMS), the pharma and healthcare sector have been experiencing an uptick in cyberattacks over the past few years, especially post-Covid-19. These incidents have put a spotlight on the weak cybersecurity infrastructure in the industry.

Read more at Forbes India.

The current news involving India is even worse than Ms Tripathi may know. Threat actors called 8Base have listed ClearMedi Health on their leak site and Telegram channel. “We have a large number of files. For demonstration, some of them are presented here. The entire amount of data has already been uploaded to the site, enjoy!” they wrote.

The leak site listing indicates that data from ClearMedi was downloaded on June 26 and published on their site on July 3. Unlike some other groups that give a victim weeks or even months to try to negotiate a payment, 8Base seems to move quickly. They describe the files that they have uploaded to their server as including:

  • Personal documents
  • Identity cards
  • Health insurance
  • Patient data (numbers\addresses\registration numbers and others)
  • Patient databases
  • Personal data of employees
  • Internal documents
  • Accounts
  • Financial documents
  • A huge amount of personal data and databases
  • Other

The upload is a 9-part archive with most of the parts being 10 GB each.

DataBreaches examined some of the files and confirmed that they contained patient information, such echocardiograph and doppler studies on named patients. The following figure is just the top portion of one such report with the patient’s name and UHID No. redacted by DataBreaches. Note that the date of this visit was May 22 of this year, showing that they obtained recent data.

 

A second file that DataBreaches examined (below) was a .csv file with 9,225 patient records from 2022 that showed patient’s name and ID, the purpose of their visit, what they paid, who referred them, and what facility the patient was seen at. The patient name and ID was redacted by DataBreaches:

Note that the figure above depicts only part of the fields. There were more fields to the right that included other details such as the patient’s date of birth, age, and their mobile telephone number, as well as other appointment-related details.

Finding no mention of any breach or service disruption on their website, DataBreaches emailed ClearMedi yesterday to ask about the data dump and 8Base’s claims, asking:

  1. Were you aware that you were the victim of a cyberattack with data theft?
  2. Did the attack and encryption of your system(s) affect patient care in any way?
  3. Did you try to negotiate with the criminals at all?
  4. Have you notified anyone of this breach?
  5. What are you doing in response to it?

No reply has been received by publication time. DataBreaches also sent some inquiries to 8Base through their contact form on their leak site, but has received no reply by publication.

In November 2022,  the All India Institute of Medical Sciences (AIIMS) was the victim of what appeared to be a ransomware attack. That hospital name appears in some of the leaked records for this incident, too.

Updated July 7:  8Base confirmed to DataBreaches that although they locked files, they did not touch any of ClearMedi’s critical infrastructure that would affect patient care.  They also confirmed that ClearMedi never contacted them. ClearMedi did not  reply to DataBreaches’ initial email and finding no notice or press release from them about any breach, a second email pointing them to this article and asking for a statement has now been sent.

 

Category: Breach IncidentsCommentaries and AnalysesHackHealth DataMalwareNon-U.S.

Post navigation

← Deputy U.S. Marshal Pleads Guilty to Obtaining Cell Phone Location Information Unlawfully
Au: Atherfield Medical & Skin Cancer Clinic victim of cyberattack by Cyclops →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.