Pharmaceutical

A significant security vulnerability at DavaIndia Pharmacy, part of Zota Healthcare, exposed sensitive customer data and administrative controls to potential attackers. Security researcher Eaton Zveare identified the flaw, which stemmed from insecure 'super admin' application programming interfaces (APIs) that allowed unauthorized users to create high-privilege accounts. This breach compromised nearly 17,000 online orders and allowed unauthorized access to critical functions such as modifying product listings, pricing, and prescription requirements. The exposed data included personal information like names, phone numbers, and addresses, raising serious privacy and patient safety concerns. Although the vulnerability was reported to India's national cyber emergency response agency and was fixed shortly thereafter, the incident highlights the risks associated with inadequate cybersecurity measures in the rapidly expanding digital health sector. As DavaIndia continues to scale its operations, the implications of such vulnerabilities could have far-reaching effects on customer trust and safety in the healthcare industry.