💊 Pharma Breach: Trust Shattered & Data Risk 🚨

Summary

A security vulnerability within DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare, presented a risk to its operations. A security researcher identified insecure administrative interfaces on the company’s website. This allowed external access to the platform, potentially exposing customer order data and drug control functions. The issue impacted over 2,300 stores, including recently opened locations. Indian cybersecurity authorities were notified in late November 2025, and the vulnerability was addressed within August 2025. There was no evidence of prior exploitation. The company’s CEO did not respond to inquiries from TechCrunch.

INSIGHTS


VULNERABILITY DISCOVERY AND INITIAL REPORTING
Security researcher Eaton Zveare identified a critical security flaw within the DavaIndia Pharmacy platform, operated by Zota Healthcare. After discovering insecure “super admin” application programming interfaces (APIs) on the website, Zveare alerted Indian cybersecurity authorities, specifically CERT-In, in August 2025. This proactive reporting was crucial in initiating a rapid response to mitigate the potential risks associated with the vulnerability. Zveare’s diligence in identifying and reporting the issue underscores the importance of ongoing security assessments and vulnerability research within the pharmaceutical technology sector.

THE NATURE OF THE VULNERABILITY AND ITS POTENTIAL IMPACT
The discovered flaw allowed unauthorized users to create “super admin” accounts with elevated privileges. Once authenticated, these users gained access to a vast amount of sensitive data, including thousands of customer order records. Each order contained detailed customer information such as names, phone numbers, email addresses, mailing addresses, total purchase amounts, and the specific medications purchased. Furthermore, the compromised access enabled manipulation of product listings and prices, the generation of discount coupons, and the alteration of prescription requirements for certain drugs. The potential impact of this breach extends beyond simple data exposure; the ability to modify drug controls presents significant risks to patient safety and underscores the critical need for robust security measures in the pharmaceutical industry.

RESPONSE AND REMEDIATION
Following Zveare’s report to CERT-In, the vulnerability was swiftly addressed. The issue was patched within a relatively short timeframe, with confirmation of the fix provided to the cyber authorities in late November 2025. While the exact timeline remains somewhat opaque due to a lack of direct communication from Zota Healthcare’s CEO, Sujit Paul, the rapid response demonstrates the effectiveness of India’s national cyber emergency response agency and highlights the importance of collaborative action between security researchers and technology providers. The swift resolution prevented any apparent exploitation of the flaw, mitigating the immediate risks associated with the breach.

This article is AI-synthesized from public sources and may not reflect original reporting.