In November 2022, the All India Institute of Medical Sciences (“AIIMS“) reportedly suffered a ransomware attack. They may have just escaped another incident thanks to the responsible disclosure of a vulnerability found by a researcher. Ashish Khaitan reports:
A critical vulnerability in the AIIMS portal exposed highly sensitive data of voluntary organ and tissue donors registered with the Organ Retrieval Banking Organisation (ORBO). The AIIMS portal vulnerability allowed unauthorized access to personally identifiable and medical information of donors across India. This vulnerability was discovered in mid-May 2025 by independent cybersecurity researcher Aniket Tomar. ORBO is a key facility of the All India Institute of Medical Sciences (AIIMS), New Delhi.
The AIIMS portal vulnerability, if left unpatched, had the potential to severely undermine data privacy, public trust, and the security of the national digital health infrastructure.
ORBO, as the nodal body for cadaver organ and tissue donation activities at AIIMS, maintains a brain death donor registry and coordinates transplants, making the exposed data particularly sensitive.
Read more at The Cyber Express.