Breach Candy Hospital

Breach Candy Hospital, also referred to as Breach Candy Hospital and Research Centre, is a healthcare institution headquartered in India. The organization functions primarily as a hospital and incorporates research activities, as denoted by its full alias. It provides medical services to patients within India, though specific details regarding its service lines, patient demographics, or geographic reach beyond its headquarters are not detailed in the available information. The hospital operates under the broader identity of the Breach Candy Hospital Trust, indicating a potential trust or nonprofit structure, though explicit ownership or parent-subsidiary relationships are not described.

A defining and documented event in the organization's recent history is a major cybersecurity incident that occurred on February 1, 2020. This breach compromised approximately 121 million medical records associated with the hospital. The exposed data included 120 million medical imaging files, such as X-rays and scans, which were stored in an unsecured Digital Imaging and Communications in Medicine system. Additionally, one million records containing sensitive personal information, including Aadhaar identification numbers and medical histories, were also accessed. The incident reportedly stemmed from compromised access systems within the hospital's own infrastructure. Despite the vast scale of the data exposure, no formal investigation by India's national cybersecurity authorities was initiated, and the hospital did not issue any subsequent public disclosures regarding the breach. This event stands as a significant, publicly noted failure in the institution's data security practices.