A group of hackers from Kerala has gained access to the details of at least 80,000 COVID-19 patients in New Delhi by hacking the website of Delhi State Health Mission (dshm.gov.in).
The website, which is currently inaccessible, has been suspended since Saturday evening after the Kerala Cyber Warriors hacked the site to allegedly expose its lack of security.
On Saturday evening, the group of hackers posted on their Facebook page said that it hacked the site to protest the Delhi government’s unsatisfactory “approach towards their health care personnel”.
The group also raised caution against the lack of security in the site, which stores thousands of sensitive data of patients.
Data not safe
“We were appalled to witness sensitive data stored in these servers without any security. The accessed data contains COVID-19 patients name, address, phone number, COVID-19 test result, quarantine surveillance data, airport data, passport details, hospital data, etc. The government needs to be very careful and take every possible security measures to protect the personal information of citizens,” the post by the group read.
The group also said that a hacker could edit manipulate and misuse the data and make profits. “The consequences can be the downfall of the entire Indian security. For instance, manipulating these data will cause miscalculations, and inaccuracy in tracking COVID-19,” the post read.
Kerala Cyber Warriors also said that several hackers had planted backdoors (an undocumented portal that allows an administrator to enter the system) to the Delhi government server, which the group removed. “We tried to report to the officials about the vulnerability of the site but, as of now, we still have not received a response. Hence, we have decided to post this,” it said.
Speaking to The Hindu, a senior police officer from the cybercrime department in Delhi said that no police complaint has been received so far.
The DSHM server remains down as on Monday morning.