Kerala’s cooperative banks and hospitals prime target of hackers from Pakistan, China

There have already been a slew of attacks and data thefts, says a source

Representative image Representative image

Kerala’s cooperative banks, hospitals and chit funds have become prime targets of cyber-attacks for data from foreign countries, warn cyber intelligence experts. A reliable source told THE WEEK that there have already been a slew of attacks and data thefts in many institutions, though they remain unaware of these breaches. 

“Many of these institutions, especially cooperative banks and chit funds, have major IT infrastructure vulnerabilities compared to nationalised or major private banks. Additionally, most of these institutions are outsourcing their IT operations to cheap but incapable groups. Hackers, particularly those from China and Pakistan, are exploiting these security weaknesses to steal data, which they later put on the dark web or use for ransom or other cybercrimes,” said the source.

The cooperative movement in Kerala is more than a century old. The state has over 12,000 active cooperative societies, with over 4,000 being credit societies or banks. There are also state-backed and private chit funds. 

“Recently, there was a cyber-attack on a major private chit fund,” said the source. “Interestingly, one of the most common hacking techniques, SQL injection, allows hackers to obtain the data they seek from the poorly managed IT infra of such institutions.” 

SQL injection is a type of cyber-attack in which a hacker inserts their own code into a website to breach its security measures and extract data.

Hospital data is another segment targeted by hackers. “SQL injection has been used to hack into patient data stored by many mid-level hospitals,” said the source. 

The premium hospitals are also not free from cyber-attacks. On April 28, the Regional Cancer Centre (RCC) in Thiruvananthapuram, the state-owned premium cancer care hospital and research centre, faced a cyber-attack. According to an FIR filed in the case, the attacker even attempted to control the radiation treatment and critical patient care systems of the RCC. It is unclear whether there was a major data breach during the attack.

Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp