India's health data faces rising risk of breaches, cyberattacks

economictimes.indiatimes.com:

India's CoWIN vaccine portal, the head of the National Health Authority, RS Sharma, said that it had «state-of-the-art security infrastructure and has never faced a security breach.» Last month, Sharma's own personal data was exposed in a massive leak of CoWIN data via the Telegram app. Officials first denied a breach had taken place, then days later, Delhi police said they had arrested two individuals in relation to the leak.

The data leak — including names, Aadhaar national IDs, mobile numbers, voter IDs, passports and COVID vaccination status of millions of individuals — was one of the largest in India, and came on the heels of other breaches of CoWIN and Aadhaar data, and the records of a leading hospital in Delhi. The recent breaches of health data are particularly concerning, digital experts said, as they leave individuals vulnerable to scams, harassment and discrimination without remedy in the absence of a data protection law in the country.

They warned it also undermines India's aim to develop and export to Asian and African countries its digital public infrastructure model comprising Aadhaar, mobile payment system UPI and the National Health Stack data platform, that authorities say will improve access and efficiency. But in pushing its digital public infrastructure «India is putting people at risk from data collection and data overreach,» said Raman Jit Singh Chima, Asia policy director at digital rights group Access Now.

«It's a bad model.» «The push for greater digitisation of health data is happening without discussion or adequate data protection. India is seeing an increase in cyberattacks, and the refusal to acknowledge breaches and to hold institutions accountable is a reckless approach,» he said.