DataBreaches.Net

Why ransomware groups are targeting Indian pharma companies and the healthcare sector; ClearMedi allegedly hacked

Posted on July 5, 2023 by Dissent

Naandika Tripathi reports:

Just three months after a ransomware attack pulled down India’s largest drugmaker, Sun Pharmaceuticals, the threat actors went after another pharma company. Hyderabad-based Granules India was notified of a significant loss of revenue and profitability due to a cybersecurity attack in the last week of May.

[…]

From Dr. Reddy’s to the All India Institute of Medical Science (AIIMS), the pharma and healthcare sector have been experiencing an uptick in cyberattacks over the past few years, especially post-Covid-19. These incidents have put a spotlight on the weak cybersecurity infrastructure in the industry.

Read more at Forbes India.

The current news involving India is even worse than Ms Tripathi may know. Threat actors called 8Base have listed ClearMedi Health on their leak site and Telegram channel. “We have a large number of files. For demonstration, some of them are presented here. The entire amount of data has already been uploaded to the site, enjoy!” they wrote.

The leak site listing indicates that data from ClearMedi was downloaded on June 26 and published on their site on July 3. Unlike some other groups that give a victim weeks or even months to try to negotiate a payment, 8Base seems to move quickly. They describe the files that they have uploaded to their server as including:

  • Personal documents
  • Identity cards
  • Health insurance
  • Patient data (numbers\addresses\registration numbers and others)
  • Patient databases
  • Personal data of employees
  • Internal documents
  • Accounts
  • Financial documents
  • A huge amount of personal data and databases
  • Other

The upload is a 9-part archive with most of the parts being 10 GB each.

DataBreaches examined some of the files and confirmed that they contained patient information, such as echocardiograph and doppler studies on named patients. The following figure is just the top portion of one such report with the patient’s name and UHID No. redacted by DataBreaches. Note that the date of this visit was May 22 of this year, showing that they obtained recent data.

A second file that DataBreaches examined (below) was a .csv file with 9,225 patient records from 2022 that showed the patient’s name and ID, the purpose of their visit, what they paid, who referred them, and what facility the patient was seen at. The patient name and ID were redacted by DataBreaches:

Note that the figure above depicts only part of the fields. There were more fields to the right that included other details such as the patient’s date of birth, age, and their mobile telephone number, as well as other appointment-related details.

Finding no mention of any breach or service disruption on their website, DataBreaches emailed ClearMedi yesterday to ask about the data dump and 8Base’s claims, asking:

  1. Were you aware that you were the victim of a cyberattack with data theft?
  2. Did the attack and encryption of your system(s) affect patient care in any way?
  3. Did you try to negotiate with the criminals at all?
  4. Have you notified anyone of this breach?
  5. What are you doing in response to it?

No reply has been received by publication time. DataBreaches also sent some inquiries to 8Base through their contact form on their leak site, but has received no reply by publication.

In November 2022, the All India Institute of Medical Sciences (AIIMS) was the victim of what appeared to be a ransomware attack. That hospital name appears in some of the leaked records for this incident, too.

Updated July 7: 8Base confirmed to DataBreaches that although they locked files, they did not touch any of ClearMedi’s critical infrastructure that would affect patient care. They also confirmed that ClearMedi never contacted them. ClearMedi did not reply to DataBreaches’ initial email. Finding no notice or press release from them about any breach, DataBreaches has now sent a second email pointing them to this article and asking for a statement.

 
