Sensitive data of organ donors exposed on AIIMS website
A major security flaw on the AIIMS New Delhi organ donor website left sensitive details of hundreds of voluntary donors—like full names, residential addresses, birth dates, blood groups, mobile numbers, and emergency contact details—open to anyone online.
The issue was flagged by researcher Aniket Tomar, who alerted authorities after discovering that no login or authentication was needed to access this private data.
This breach has raised serious concerns about privacy and digital safety for those who chose to help others.
AIIMS fixed the vulnerability after it was reported
After Tomar reported the problem on June 18, 2025, AIIMS quickly fixed the vulnerability and blocked public access. Still, the damage was already done for lakhs of donors across India.
Tomar is now urging audits for all government health websites and wants AIIMS to notify affected people directly.
The incident highlights just how important strong data protection is in healthcare—and serves as a wake-up call for better cybersecurity everywhere.