The massive cyberattack on the Regional Cancer Center (RCC) in Thiruvananthapuram, which compromised the data of over 20 lakh patients, is a shocking wake-up call about the vulnerability of India’s critical information infrastructure to state-sponsored cyber threats, especially from China.
This brazen attack, allegedly carried out by the North Korean hacking group Daixin Team, follows a pattern of cyber offensive operations that Chinese state-sponsored actors have conducted against Indian government agencies and public and private sector entities over the past decade. As an assessment by cybersecurity experts points out, Chinese hackers have relentlessly targeted foreign embassies, business organizations, and military facilities in Indian cyberspace.
The RCC attack resembles the cyberattack on Delhi’s prestigious All India Institute of Medical Sciences (AIIMS) in 2022, where patient records of prominent individuals were compromised. Both incidents point to the vulnerability of India’s healthcare sector and the relative ease with which cyber criminals can hold critical patient data for ransom.
What makes the RCC attack particularly alarming is the sheer scale of the data breach and the potential for catastrophic consequences. With radiation treatment software being hacked, there was a risk of patients receiving incorrect radiation doses, which could be life-threatening. The theft of personal and medical data of lakhs of patients also exposes them to identity theft, financial fraud and other cybercrimes.
The fact that the RCC had implemented only basic perimeter security and lacked a comprehensive cybersecurity policy or defence-in-depth strategy made it a sitting duck for skilled cyber attackers. This disturbing lapse reflects the poor cybersecurity preparedness in many of India’s public institutions despite repeated warnings from experts.
The RCC incident is just the latest in a long line of cyber intrusions that have exposed the fragility of India’s cyber defences against Chinese state-sponsored actors. In 2020, a Chinese hacking group targeted the Serum Institute of India and Bharat Biotech amid the Covid-19 vaccination drive. The same year, a massive cyber campaign called RedFoxtrot by China’s People’s Liberation Army Unit 69010 targeted government agencies and companies in India and other Asian countries.
In 2021, Chinese hacking groups like TAG-28 launched sophisticated cyber operations against Indian media houses like The Times Group and the government’s Unique Identification Authority of India (UIDAI), which manages the Aadhaar database. Power distribution companies, ports, railways and police networks were also targeted in retaliation for the Galwan Valley clashes.
These incidents highlight China’s aggressive strategy of weaponizing cyberspace to conduct espionage, steal intellectual property and potentially disrupt India’s critical infrastructure during conflicts. With its vast resources and centralized control over civilian and military cyber capabilities, China has emerged as a formidable cyber power that can overwhelm India’s fragmented and under-prepared cyber defenses.
India’s heavy dependence on Chinese-made hardware and telecommunications equipment, often pre-installed with malware, has increased the attack surface for Chinese cyber operations. The widespread use of electronic devices and internet-connected systems as part of Digital India has further amplified cyber vulnerabilities that adversaries can exploit.
While India has made some progress in developing offensive cyber capabilities focused on Pakistan, it lacks a comprehensive strategy, resources and institutional framework to effectively counter the Chinese cyber threat. The country’s multiple cyber agencies still operate in silos, without an integrated command and control structure.
To address this glaring national security risk, India urgently needs to implement a whole-of-government approach to cybersecurity. This should involve developing a robust cybersecurity doctrine, policies and capabilities under a centralized regulatory body. Investing in advanced threat detection, cyber intelligence and cyber workforce development should be prioritized.
Most crucially, India must reduce its dependence on Chinese technology and telecommunications products that provide backdoor entry points for cyber espionage and attacks. Developing secure hardware, software, and cybersecurity solutions aligned with trusted global standards should be the long-term goal.
The RCC cyberattack is a stark reminder that India can ill afford to neglect cybersecurity as it pursues an increasingly digitized future. Failing to fortify the nation’s cyber defences will leave the critical infrastructure, institutions and citizen data perilously exposed to crippling cyber strikes by hostile state and non-state actors. Securing Indian cyberspace must become an urgent national imperative.