Kerala, one of the worst-hit states in India’s COVID-19 crisis, reported five positive cases from Aythala in Ranni-Pazhavangady panchayat. The database of all the active patients, and those who came in direct contact with them, was maintained on the district administrator’s office computers. The data included information on other people coming into the district from abroad and those kept in self-quarantine, their recent travel history, residential addresses and contact details, etc. District Collector P. B. Nooh admitted that this COVID-19 database has been hacked and has since sought an investigation into the incident.
The list of confirmed and quarantined patients in the district was handed over to the police and the district health administration to help them in continuous monitoring of respective individuals. However, the same list started appearing locally on various social media groups and forums. This is a severe breach of personal data as proposed in India’s Personal Data Protection Bill 2019.
Nooh said, “We have found that data about people in isolation at home has been leaked or hacked. The police are already investigating the matter. Since it is confidential information, anyone who shares it will also be treated with strict actions. So please don’t share it anymore and those of you who already have the list, please kindly delete it.”
According to District Police Chief K. G. Simon, who is leading the investigation, the cause of hacking or data leak is uncertain; however the list doesn’t seem to be widely circulated. A cyber cell team is investigating the data breach to track down the hackers and all the people who have shared this database.
Cyberattack on Kerala State Health Department’s eHealth Portal
Earlier, in a separate incident on March 8, 2020, the State Health Department’s eHealth portal was attacked by a hacker group known as ‘GhostSquadHackers’. The hacking attempt was recorded and observed by the Health Department’s IT team, which almost immediately summoned cybersecurity experts to further investigate the incidence. They blocked the portal and took adequate remedial measures. Health Minister K. K. Shailaja later confirmed that no data had been breached or exfiltrated from the eHealth web portal by the hackers.