A shocking investigation has unveiled one of India’s most alarming cybersecurity breaches, where hackers stole approximately 50,000 intimate videos from hospital CCTV systems using nothing more than a default password: “admin123.”
The Rajkot Hospital Breach
What began as a case of digital negligence at Payal Maternity Hospital in Rajkot spiralled into a national nightmare spanning 20 states. Hackers accessed the hospital’s CCTV system through its default administrator login and systematically recorded sensitive footage from the gynaecology ward, capturing intimate moments of women undergoing medical examinations. Over nine months—from January through December 2024—the perpetrators stole thousands of clips before being arrested in early 2025.
The breach came to light when teaser clips from the Rajkot facility surfaced on YouTube channels like “Megha MBBS” and “cp monda.” These clips served as bait, redirecting viewers to Telegram groups where the full videos were sold for Rs 700 to Rs 4,000 each, funnelling the stolen intimate content into international fetish networks for profit.
A Pan-India Cyber Catastrophe
Investigators discovered this wasn’t an isolated incident. The probe unearthed approximately 80 compromised CCTV dashboards across India, affecting institutions in Pune, Mumbai, Nashik, Surat, Ahmedabad, Delhi, and smaller towns. Victims weren’t limited to hospitals—the breach extended to schools, corporate offices, cinema halls, factories, and private residences across 20 states.
Despite arrests made earlier in 2025, investigators confirmed that stolen clips remained available on Telegram groups until June 2025, suggesting the criminal network was far more extensive than initially believed.
How the Hackers Operated
The operation combined basic cybercrime techniques with sophisticated execution. Many CCTV systems still operated with factory-set usernames and passwords like “admin123,” offering hackers easy entry points. An Ahmedabad cybercrime branch officer revealed that attackers employed a “brute force attack”—automated bots attempting countless username and password combinations until finding the correct one.
The mastermind, Parit Dhameliya (a BCom graduate), used three different hacking tools to crack into unsecured cameras. His associate, Rohit Sisodiya, who posed as a medical technician using a diploma in medical laboratory technology as cover, employed a legitimate remote-viewing application with stolen credentials to gain unauthorized access to live feeds. This technique allowed them to monitor and record activities in real-time from examination rooms to private offices, often without victims ever realizing they were being watched.
A National Wake-Up Call
The Payal Maternity Hospital case has triggered serious conversations about India’s cyber hygiene crisis and digital security negligence. Experts warn that even small clinics and private setups routinely ignore basic cybersecurity protocols. The proliferation of affordable, cloud-based CCTV systems has created a dangerous pattern: users connect devices directly to the internet without secure firewalls or regular password updates, leaving thousands of networks vulnerable to exploitation.
Investigators have now recommended mandatory cybersecurity audits for all healthcare and public-facing institutions using digital surveillance. Authorities continue tracking the distribution chain and coordinating across states to identify additional compromised networks. The accused hackers face charges under multiple sections of the Information Technology Act and Indian Penal Code for data theft, privacy invasion, and cyber exploitation.
However, experts believe many mirror networks remain active abroad, continuously re-uploading and monetizing stolen footage on dark web forums. This incident stands as a grim reminder that a single weak password can destroy countless lives and expose critical national vulnerabilities.
With healthcare accounting for 21.82% of all cyberattacks in India—mirroring global trends where U.S. provider SimonMed Imaging recently lost 1.27 million patient records to Medusa ransomware in January 2025—this incident raises critical questions about infrastructure vulnerability across continents.
