Critical vulnerability exposed sensitive data of voluntary organ donors

Representative image. | Photo Credit: Getty Images/iStockphoto

A critical vulnerability in the website of the Organ Retrieval Banking Organisation (ORBO) at the All India Institute of Medical Sciences (AIIMS), New Delhi, which exposed sensitive data of voluntary organ donors across India, including their identity, health profile and contact details, was detected and resolved thanks to an independent security researcher who flagged the flaw.

ORBO is the nodal facility for cadaver organ and tissue donation-related activities of the AIIMS. It maintains a brain death donor registry, coordinates the process of organ and tissue donation and transplantation and disseminates information to hospitals.

In mid-May 2025, the researcher, Aniket Tomar, came across the vulnerability and alerted the Computer Emergency Response Team (CERT).

Breach of data privacy

In an email informing about the critical data exposure, he said the vulnerability disclosed personally identifiable and medical information of registered organ and tissue donors without any authentication mechanism for accessing it, posing a grave threat to data privacy, compliance, and national health infrastructure security.

The data leak provided unrestricted access to the complete list of organ and tissue donors registered with the AIIMS. The information included the full name, residential address, date of birth, blood group, mobile number and emergency contact details of each donor, putting hundreds of individuals at significant risk of identity theft, phishing attacks and social engineering exploitation.

“Such a data breach from a reputed medical institution not only undermines public trust in digital health systems but also violates data protection principles under the Digital Personal Data Protection (DPDP) Act, 2023. The severity is amplified by the fact that the breach affects a sensitive demographic—organ donors—who expect the highest standards of confidentiality and data stewardship,” Mr. Tomar said in his alert to the CERT.

Personally Identifiable Information (PII) fields should be sanitised or redacted in any publicly accessible reports, he said, and called for a thorough audit of similar web applications across other government healthcare portals to prevent systemic exposure. The AIIMS should notify affected individuals in accordance with ethical standards, he added.

‘More than a technical lapse’

“I was able to view several lakh donor entries... The data was not limited to Delhi, the entries appeared to include donors from various regions across India, indicating a nationwide scope. The exposure of this data is a serious breach of privacy, undermining the trust of individuals who voluntarily shared their most sensitive personal information with a national health platform,” Mr. Tomar told The Hindu.

More than just a technical lapse, the incident raises deep ethical concerns and threatens to erode public confidence in organ donation systems and the broader healthcare infrastructure, he said.

On June 18, 2025, the CERT wrote to Mr. Tomar appreciating him for detecting the critical vulnerability. The vulnerability was successfully mitigated and the exposed data was no longer publicly accessible, the researcher said.

Published - July 27, 2025 10:05 pm IST