India News Bull

Hospital Security Breach: How Default Password 'admin123' Led to Patient Privacy Violation and Pornographic Distribution

An investigation reveals how poor cybersecurity practices at a Gujarat maternity hospital allowed hackers to access CCTV footage of gynecological examinations, which was subsequently uploaded to pornographic websites and sold on Telegram. The breach was part of a larger attack affecting 80 facilities across India, all using the default password "admin123" for their surveillance systems.
  • Date & Time:
  • |
  • Views: 17
  • |
  • From: India News Bull

How 'admin123' Led To Hospital Footage Of Women Being Uploaded On Porn Sites

The healthcare facilities failed to modify the default password, which remained as 'admin123'.

An investigation has revealed that inadequate digital security measures resulted in footage of women undergoing gynecological examinations at a maternity hospital in Rajkot, Gujarat being uploaded to pornographic websites.

In February, a scandal erupted when video clips showing women in various states of undress at the Payal Maternity Home in Rajkot appeared on porn sites and were being sold through Telegram groups. The hospital administration claimed their server had been compromised by hackers.

Dr. Amit Akbari, a physician at the facility, stated, "We are unaware of how the hospital videos became public. Our CCTV server appears to have been hacked. We don't understand why this occurred and will be notifying law enforcement."

While some individuals responsible for the hacking were apprehended that same month, the videos continued to be available for purchase on Telegram groups until at least June.

The investigation uncovered that the maternity home's CCTV dashboard was among 80 systems hacked across India, including locations in Delhi, Pune, Mumbai, Nashik, Surat, and Ahmedabad. The hackers gained access to the hospital's surveillance footage for nearly the entire year of 2024, as well as recordings from educational institutions, businesses, movie theaters, manufacturing facilities, and private residences.

Investigators determined that most of the compromised locations, including the hospital, had maintained the default password for their CCTV dashboard - "admin123". The hackers employed a brute force attack, using various combinations of words, numbers, and symbols to access the systems. Due to the simplistic password, they were able to breach these dashboards with minimal effort.

Security experts emphasized that this incident highlights the necessity for robust passwords and implementing two-factor authentication when available. They stressed that institutions particularly need to enforce stringent security measures because they are responsible for protecting sensitive data belonging to others, including intimate footage of patients in the hospital's situation.

(With contributions from Mahendra Prasad)

Source: https://www.ndtv.com/india-news/how-admin123-led-to-hospital-footage-of-women-being-uploaded-on-porn-sites-gujarat-hospital-rajkot-hospital-9574368