FireEye, in a startling revelation said on Thursday that hackers broke into a leading India-based healthcare website, stealing 68 lakh records containing patient and doctor information.

Without naming the website, FireEye said cyber criminals  are directly selling data stolen from healthcare organisations and web portals globally including in India in the underground markets. In February, a bad actor that goes by the name “fallensky519″ stole 6,800,000 records associated with an India-based healthcare website that contains patient information and personally identifiable information (PII), doctor information and PII and credentials,” FireEye said in its report shared with IANS.

Between October 1, 2018 and March 31, 2019, FireEye Threat Intelligence observed multiple healthcare associated databases for sale on underground forums, many for under $2,000. FireEye said it continues to witness a concerted focus on acquiring healthcare research by multiple Chinese advanced persistent threat (APT) groups.

“In particular, it is likely that an area of unique interest is cancer-related research, reflective of China’s growing concern over increasing cancer and mortality rates, and the accompanying national health care costs,” the cyber security agency noted.

APT22 – a Chinese group that has focused on biomedical, pharmaceutical, and healthcare organizations in the past, and continues to be active – also targeted this same organization in prior years. One theme FireEye has observed among Chinese cyber espionage actors targeting the healthcare sector is the theft of large sets of personally identifiable information (PII) and Protected Health Information (PHI).

Beyond Chinese-nexus groups, FireEye Intelligence has observed a wide variety of other cyber espionage and nation state actors involved in targeting the healthcare sector, including Russia-nexus APT28.

“The valuable research being conducted within some of these institutions continues to be an attractive target for nation-states seeking to leapfrog their domestic industries,” the report emphasised.

As biomedical devices increase in usage, the potential for them to become an attractive target for disruptive or destructive cyber attacks  especially by actors willing to assume greater risk may present a more contested attack surface than today,” said the report.

(Image Courtesy:

Leave a Reply

Your email address will not be published.