Gujarat Hospital Data Breach Exposes CCTV Footage on Foreign Porn Sites

The Gujarat hospital data breach has shocked India after investigators uncovered that hospital CCTV cameras were hacked and streamed live on international pornographic websites. The breach, which originated from default passwords such as “admin123” and “12345”, exposed intimate footage from intensive care units, maternity wards, and operation theatres. The stolen recordings were later sold through encrypted Telegram channels and shared on foreign fetish platforms, marking one of the most disturbing cyber incidents in India’s healthcare sector to date.

According to a detailed report by The Times of India, the attack targeted hospitals in Gujarat, Maharashtra, and several other Indian states. Hackers exploited unsecured CCTV dashboards that were left online with default login credentials, gaining access to private video feeds without triggering any security alarms. The investigation revealed that over 80 hospital systems were compromised nationwide, leading to the theft of more than 50,000 explicit video clips over a period of nine months.

How the Gujarat Hospital Data Breach Happened

The breach began when cybercriminals identified multiple hospital CCTV systems configured with unchanged default passwords. Using a specialized tool known as “SWC software,” the attackers extracted camera IDs, passwords, and IP addresses from exposed systems. They then accessed live feeds through DMSS, a legitimate mobile application intended for remote CCTV monitoring, to intercept footage from sensitive hospital areas.

Once inside the network, the attackers streamed and recorded the footage in real time. These recordings primarily involved women undergoing medical examinations in gynecology and maternity wards, along with patients in ICU and operating rooms. The hackers reportedly used Virtual Private Networks (VPNs) to disguise their locations, routing their activities through international servers in Bucharest, Romania, and New York, USA.

The compromised footage was systematically cataloged and uploaded to adult sites overseas. Portions of the content were even marketed on YouTube through teaser clips, under titles like “Megha Mbbs” and “cp monda.” Customers were then redirected to Telegram groups where they could purchase the stolen clips for between ₹700 and ₹4,000 (approximately $8–$48). Investigators confirmed that over 11,000 successful access events occurred between January and December 2024, primarily through hubs located in Mumbai, Delhi, and Surat.

Scale and Scope of the Breach

The Gujarat hospital data breach affected facilities in cities including Rajkot, Pune, Mumbai, Nashik, and Ahmedabad. The log analysis revealed the following breakdown of external access events:

  • Mumbai: 4,752 access sessions – primary hub for bulk data harvesting and video aggregation.
  • New Delhi: 3,915 access sessions – central control node for managing and distributing stolen data.
  • Surat: 2,119 access sessions – logistical base and local persistence hub near Rajkot.
  • Bucharest (Romania): 24 sessions – international C2 node used to mask location and anonymize uploads.
  • New York (US): 20 sessions – proxy relay for routing stolen traffic internationally.

The digital footprint of the operation revealed over 11,356 external connections, establishing a coordinated structure between domestic and international networks. Investigators found that several of the hackers used VPNs and overseas proxy servers to disguise their identities and launder payments through Indian bank accounts. Key suspects arrested included engineering students and NEET aspirants, one of whom allegedly handled the financial side of the operation by collecting subscription payments.

Arrests and Investigation

Authorities identified and arrested multiple suspects within 39 hours of filing the initial report. Among them were Prajwal Teli, the alleged mastermind, and Chandraprakash Phoolchand, who managed the Telegram distribution network. Another key figure, Praj Patil, acted as the payment facilitator, while Rohit Sisodiya was responsible for breaching camera systems using medical laboratory equipment as cover.

Police confirmed that the group ran a sophisticated distribution scheme across YouTube, Telegram, and private forums. They monetized hospital footage by charging subscription fees, routing payments through local bank accounts and cryptocurrency wallets. The operation was dismantled after digital forensic investigators tracked logins and discovered the breached systems still using factory-set credentials.

The hackers were charged under multiple provisions of the Indian Penal Code, the Information Technology Act, and the Bharatiya Nyaya Sanhita (BNS) Act, including sections related to cyber terrorism and obscene content distribution. Police noted that even after the arrests, some of the illegally obtained videos remained available on Telegram channels until June 2025.

Technical Details of the Compromise

Investigators discovered that the compromised hospital networks were running outdated CCTV management software that lacked encryption and two-factor authentication. The DMSS platform, which the hackers abused, is commonly used in India for legitimate remote monitoring but was easily hijacked when default passwords were left unchanged.

Attackers used brute-force and credential-stuffing methods to locate accessible systems across 20 states. Once access was established, the malware collected camera feeds and sent them to external command nodes through VPN tunnels. Analysts described the attackers’ network as “modular,” using separate locations for harvesting, processing, and routing data. This setup allowed the operation to continue undetected for months while anonymizing international distribution.

The forensic team noted that the footage was not stored locally but streamed directly to cloud servers, making it more difficult for hospitals to detect anomalies. The attackers’ infrastructure was sophisticated enough to handle high-bandwidth transfers and batch uploads of large video files, indicating that the breach was organized and financially motivated rather than opportunistic.

National and Ethical Implications

The Gujarat hospital data breach raises serious ethical and privacy concerns. Hospitals are legally required to safeguard patient data under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules of 2011. The exposure of sensitive medical footage represents a gross violation of patient confidentiality and digital ethics.

Healthcare cybersecurity experts in India have expressed outrage over the negligence that allowed such systems to remain unprotected. They point out that even basic cybersecurity training could have prevented the disaster. In some hospitals, administrators were reportedly unaware that their cameras were accessible from the internet without passwords.

Medical professionals have also criticized the use of low-cost, unsecured CCTV systems in critical environments like operation theatres and maternity wards. These systems often lack compliance with healthcare security standards and fail to support encrypted transmission protocols. Experts have urged Indian hospitals to adopt zero-trust network models and implement mandatory password policies for all connected devices.

Response from Authorities and CERT-In

The Indian Computer Emergency Response Team (CERT-In) has advised all healthcare institutions to report any suspected breaches within six hours of detection, as required under India’s cybersecurity directives. Officials have also urged immediate patching of CCTV systems and replacement of default credentials. The Ministry of Electronics and Information Technology (MeitY) is expected to issue additional advisories targeting hospitals and IoT vendors following the breach.

Meanwhile, law enforcement agencies continue to coordinate with international cybercrime units to remove the compromised content from foreign websites. Indian authorities are also engaging with hosting providers and social media platforms to take down associated channels and Telegram groups.

Preventive Measures for Hospitals and Organizations

Experts have outlined several key steps to prevent future incidents similar to the Gujarat hospital data breach:

  • Immediately change all factory-set passwords on CCTV and IoT devices.
  • Restrict external access by disabling remote viewing features unless essential.
  • Enable multi-factor authentication and encryption for all camera dashboards.
  • Conduct regular network audits to detect unauthorized access attempts.
  • Implement VPN or firewall restrictions for remote management interfaces.
  • Keep firmware updated to patch known vulnerabilities.

Hospitals are also being urged to separate medical network infrastructure from surveillance systems to prevent cross-network compromise. By segmenting devices and enforcing stricter access controls, administrators can greatly reduce the risk of similar privacy violations.
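One way to run the access audit named in the list above, as an added example that is not from the article or the investigation: it reads login records in a hypothetical `timestamp camera_id source_ip user result` format and reports every source outside an assumed management subnet, with its successful sessions, failed attempts, and the cameras it reached. The subnet, threshold, log format, and sample records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: remote viewing is only permitted from this management/VPN subnet.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
FAILED_THRESHOLD = 3  # assumed cut-off for a password-guessing burst

# Constructed sample records (hypothetical recorder log format):
# timestamp camera_id source_ip user result
SAMPLE_LOG = """\
2024-03-01T09:00:02 cam-icu-01 10.20.0.15 nurse_station OK
2024-03-01T23:41:10 cam-mat-02 203.0.113.7 admin FAIL
2024-03-01T23:41:12 cam-mat-02 203.0.113.7 admin FAIL
2024-03-01T23:41:15 cam-mat-02 203.0.113.7 admin FAIL
2024-03-01T23:41:19 cam-mat-02 203.0.113.7 admin OK
2024-03-02T01:12:44 cam-ot-03 198.51.100.23 admin OK
2024-03-02T01:30:00 cam-ot-03 198.51.100.23 admin OK
truncated record
"""

def is_allowed(ip):
    return any(ip in net for net in ALLOWED_NETS)

def audit(log_text):
    """Summarise activity per source address outside ALLOWED_NETS."""
    report = defaultdict(lambda: {"sessions": 0, "failures": 0, "cameras": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of crashing
        _, camera, src, _, result = parts
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if is_allowed(ip):
            continue  # expected internal viewer
        entry = report[src]
        entry["cameras"].add(camera)
        if result == "OK":
            entry["sessions"] += 1
        else:
            entry["failures"] += 1
    for entry in report.values():
        # Many failures from one external source suggests password guessing.
        entry["guessing"] = entry["failures"] >= FAILED_THRESHOLD
    return dict(report)

if __name__ == "__main__":
    for src, e in sorted(audit(SAMPLE_LOG).items()):
        print(src, e["sessions"], e["failures"], sorted(e["cameras"]), e["guessing"])
```

Any source that appears in the report at all is worth investigating, since under the assumed policy no external address should reach a camera dashboard directly.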

Broader Context: India’s Healthcare Cybersecurity Challenge

The Gujarat hospital data breach exposes systemic vulnerabilities in India’s healthcare technology infrastructure. Over the past few years, hospitals across the country have rapidly expanded surveillance and digital record systems without proportional investment in cybersecurity. This has created an environment where attackers can exploit outdated software and weak access controls to obtain sensitive patient data.

Cybersecurity researchers warn that the breach could have long-term consequences for public trust in India’s healthcare system. Patients may become reluctant to visit hospitals or participate in digital health initiatives if privacy risks remain unresolved. The government’s push for digitization under programs like the Ayushman Bharat Digital Mission (ABDM) will require stronger enforcement of privacy standards and regular compliance audits across medical institutions.

The Gujarat incident serves as a stark reminder that cybersecurity negligence in healthcare is not just a technical issue but a moral one. Protecting patient dignity and data integrity must be treated as a critical component of medical ethics. As India continues its digital transformation, the lessons from this breach will likely shape future healthcare security regulations nationwide.

Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.
