Summary: A doctor in Ahmedabad is being blackmailed with private footage from inside his clinic after hackers (allegedly the original installers) accessed his CCTV system using default passwords. The case follows a trend of “Clinic Spy Cams” incidents, in which sensitive medical footage is held for ransom using WhatsApp and QR code payments.
Business Impact: Severe Privacy and Legal Liability. For medical and professional firms, a breach of physical privacy is a catastrophic brand failure. In Bahrain and India, this could trigger massive fines under emerging DPDP/Data Protection laws regarding sensitive biometric and personal data.
Why It Happened: A classic failure of “Basic Hygiene.” Installers retained default credentials, and the client never performed a handover audit. This allowed remote access to the DVR/NVR via standard mobile apps used for surveillance.
Recommended Executive Action: Conduct a “Physical Security Audit.” Every IoT device (cameras, smart locks, printers) must have its default password changed and be placed on a separate, non-routable VLAN. Never allow installers to retain remote access credentials post-setup.
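A handover audit of this kind can be run over a device inventory. The Python sketch below is an added example, not part of the original brief; the inventory records, the IoT VLAN subnet, the handover date and all field names are constructed assumptions. It only checks recorded addresses and account ownership, so routing isolation of the VLAN still has to be verified on the switch or firewall.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed site values (hypothetical): isolated IoT VLAN subnet and installer handover date.
IOT_VLAN = ip_network("10.50.0.0/24")
HANDOVER = date(2024, 3, 1)

@dataclass
class Device:
    name: str
    ip: str
    password_changed: Optional[date]  # None = still on the factory default
    accounts: dict                    # account name -> owner ("client" or "installer")
    remote_app_owner: Optional[str]   # who holds the mobile/cloud app binding, if any

def audit(dev):
    """Return the handover-audit findings for one device (empty list = clean)."""
    findings = []
    if dev.password_changed is None:
        findings.append("default password never changed")
    elif dev.password_changed < HANDOVER:
        findings.append("password not rotated since installer handover")
    if ip_address(dev.ip) not in IOT_VLAN:
        findings.append("not on the isolated IoT VLAN")
    held = sorted(a for a, owner in dev.accounts.items() if owner != "client")
    if held:
        findings.append("accounts not owned by client: " + ", ".join(held))
    if dev.remote_app_owner not in (None, "client"):
        findings.append("remote app bound to " + dev.remote_app_owner)
    return findings

# Constructed sample inventory, not data from the incident.
INVENTORY = [
    Device("clinic-nvr", "192.168.1.20", None, {"admin": "installer"}, "installer"),
    Device("reception-cam", "10.50.0.11", date(2024, 3, 5), {"admin": "client"}, "client"),
    Device("front-door-lock", "10.50.0.12", date(2024, 1, 10),
           {"admin": "client", "svc": "installer"}, None),
]

def audit_all(inventory):
    """Map device name -> findings, listing only devices that fail the audit."""
    results = {d.name: audit(d) for d in inventory}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name + ": " + "; ".join(findings))
```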
