Cyber Incident Victim: Health Solutions

On December 2, 2016, hackers breached the website of Health Solutions (hsppl.com), a major Indian diagnostic laboratory, accessing a database containing approximately 35,000 medical records. The compromised data included sensitive patient information such as names, ages, genders, blood test reports, lipid profiles, and HIV test results, primarily affecting individuals from Mumbai. While photographs and contact details remained secure, the attackers exfiltrated medical files from a repository of 40,000 total documents. Website administrators detected the intrusion and responded by erasing the entire database from their web platform to prevent further exposure. Company representatives characterized the stolen records as one year old at the time of theft. Patients remained unaware of the breach initially, with no immediate confirmation from Health Solutions regarding notification plans.

This incident marked at least the third security compromise affecting Health Solutions within a single week, following prior unreported breaches that prompted administrators to halt new file uploads to the vulnerable website. Company officials acknowledged their inability to prevent the recurring intrusions despite awareness of systemic vulnerabilities, stating they were transitioning to a new IT infrastructure. Health Solutions initiated an internal investigation focused on identifying the perpetrator, whom they described as an Indian national operating through Chinese servers. The organization announced intentions to pursue legal action against the attacker while continuing to assess the full scope of data exfiltration. No evidence suggested public release of stolen records at the time of reporting, though the repeated breaches exposed systemic security deficiencies in patient data management.