THIRUVANANTHAPURAM: In a shocking exposure of a lack of proper cyber security guardrails and its costly consequences, a large volume of medical data from a leading private hospital in Ernakulam district was allegedly hacked by an international cybercriminal group and posted on darkweb for sale.
The data is suspected to have been hacked by ‘The Gentlemen’, a cybercriminal group that emerged in mid-2025 and targeted more than 400 organisations, including those in the healthcare sector, in around 50 countries. The massive server-level breach was reported in mid-March and data exceeding 800 GB was exfiltrated by the hackers. The data was later placed for sale on darkweb.
A 30 MB sample data, which was accessed by TNIE from the darkweb, revealed that the claim of the hackers was authentic. The data placed for sale consisted of multiple elements including patient records, administrative records, in-patient treatment details, patient admission information, and minutes of meetings of various committees of the hospital.
An insider told this newspaper that there was an operational disruption after the cyber attack. However, the hospital authorities were of the belief that there was no data exfiltration and that critical data was safe. However, a log check revealed that there was a massive data breach.
“It began with a ransomware e-mail,” the source said. After the attack, the hospital deployed an international IT firm for cyber security service and chose not to file a police complaint. Sources with cyber operations wing of the state police confirmed that the attack indeed occurred at the hospital. However, they denied having any more knowledge of it.
Click Here For The Original Source.
