Cyber Incident Victim: Kerala Cyber Hackers
Date: Jun 2020
Location: India
Summary
A hacker group breached a government health database containing sensitive personal information of approximately 80,000 COVID-19 patients, including names, ages, addresses, and test results. The attackers accessed the system in under 10 minutes and framed the breach as a protest against inadequate protections and working conditions for healthcare personnel, particularly citing insufficient PPE provisions during the pandemic. While demonstrating the breach by posting screenshots of patient records, the group asserted they would not publicly release the compromised data. The incident exposed vulnerabilities in the storage of citizens' health information and occurred amid broader concerns about data security practices within government systems. Authorities had not formally responded to the intrusion at the time of reporting.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On June 27, 2020, the hacker group Kerala Cyber Hackers breached the Delhi State Health Mission website operated by the Delhi Government, accessing a database containing personal information of approximately 80,000 COVID-19 patients. The group claimed the intrusion took less than 10 minutes to execute. Compromised data included patient names, ages, residential addresses, and COVID-19 test results. Kerala Cyber Hackers publicly disclosed the breach through a Facebook post, sharing screenshots of patient records to substantiate their claims while asserting they would not release the full dataset. The group framed the attack as a protest against the Delhi Government's treatment of healthcare workers, specifically citing inadequate personal protective equipment (PPE) provision and unsafe working conditions during the pandemic.

The hackers criticized the government's failure to implement basic data security measures for sensitive health information. At the time of reporting on July 1, 2020, the Delhi Government had not issued any public response to the breach allegations. The incident occurred against the backdrop of New Delhi's severe COVID-19 outbreak and systemic underfunding of India's public healthcare system, which allocated approximately £12 per capita annually. This breach followed earlier security concerns about India's COVID-19 response infrastructure, including vulnerabilities reported in May 2020 within the government's Aarogya Setu contact tracing app that exposed location data for millions. The event added to India's documented history of data protection challenges, exemplified by recurring leaks from its national biometric database system. Healthcare professionals in Delhi reported contracting COVID-19 due to PPE shortages stemming from budget constraints, contextualizing the hackers' stated motivations.
