"Ethical Hacking: The Challenges Facing India"
A security researcher, named Avinash Jain, found a vulnerability in India's state-run health portal, which is used by patients to book appointments at government hospitals online. The vulnerability allowed him to access sensitive details about a patient such as their full name, address, history of appointments made on the health portal, patient ID, unique biometric identification number, and recorded medical conditions. Following Jain's disclosure of the vulnerability to the Indian Computer Emergency Response Team (CERT-In), the flaw was patched. However, the responsible disclosure of critical vulnerabilities by researchers is not always appreciated by the Indian government. Although ethical hackers in India help to improve the security of data, they can still face legal consequences from the Indian government when they disclose vulnerabilities associated with government agency systems. This article continues to discuss the vulnerability discovered in India's ORS Patient Portal, other incidents in which the global healthcare industry has been targeted by cybercriminals, and the lack of legal protections for security researchers in India.