For security analysts Akshay and Viral, a casual check of a healthcare system’s security quickly turned into a huge finding. The duo discovered a major data leak at Apollo Hospitals, one of India’s leading hospital networks.
The breach first came to their attention on January 9, when they discovered a zip file on one of Apollo’s subsidiary websites. Recognising the sensitivity, they notified Apollo’s management within a few hours on January 10.
The file was erased by February 1, but they raised the issue with the Indian Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC), urging further investigation.
In March, they uncovered another zip file, which was smaller in size but still included sensitive material, raising new concerns about ongoing security threats. It remains unknown whether Apollo or an intruder is adding and deleting files from the server.