
CERT Resolves AIIMS Website Organ Donor Leak

Why in the News?

A critical data vulnerability in the AIIMS ORBO website exposed personal and medical details of voluntary organ donors across India. The flaw was flagged by a cybersecurity researcher and later fixed by the Computer Emergency Response Team (CERT-In).

Exposure of Sensitive Organ Donor Data:

● A security researcher, Aniket Tomar, found a major flaw in the Organ Retrieval Banking Organisation (ORBO) website at AIIMS, New Delhi.

● The flaw exposed personally identifiable information (PII) of registered organ and tissue donors without any login/authentication barriers.

● The leak included names, addresses, birth dates, blood groups, and mobile/emergency contact details.

● The data set was nationwide in scope, with several lakh entries, not just limited to Delhi.

● This exposed individuals to serious threats like identity theft, phishing, and social engineering attacks.

CERT Action and Researcher’s Role:

● In mid-May 2025, Aniket Tomar reported the issue to CERT-In via email.

● He raised concerns over violation of the DPDP Act, 2023, due to the breach of medical and personal data privacy.

● On June 18, 2025, CERT-In acknowledged and appreciated his report.

● The vulnerability was patched, and the data was secured from public access.

● The case underlines the importance of ethical hacking and public-private cooperation in digital security.

About Digital Health and Data Protection:

● ORBO is the nodal agency for cadaver organ and tissue donation under AIIMS.

● The Digital Personal Data Protection (DPDP) Act, 2023 mandates protection of sensitive health data.

● CERT-In is India’s national agency to respond to cybersecurity threats and vulnerabilities.

● Data breaches in healthcare can erode public trust and hamper voluntary participation in donation programs.

● Cyber hygiene, regular audits, and access controls are crucial in digital health platforms.

This incident highlights the critical importance of robust cybersecurity measures in healthcare systems, especially those handling sensitive personal and medical data. As digital health initiatives expand, maintaining data privacy and security becomes paramount to ensure public trust and the success of vital programs like organ donation.