ZHL A.I CyberSecurity Scoring
ZHL
Company Information
Website:http://www.zotahealthcare.com
Employees number:700
Number of followers:9,078
NAICS:3254
Industry Type:Pharmaceutical Manufacturing
Homepage:zotahealthcare.com
ZHL Risk Score (AI oriented)
Between 750 and 799
ZHLPharmaceutical Manufacturing
Updated:
05/03/2026
05/03/2026
753/1000
Fair
Baa
ZHL Global Score (TPRM)
xxxx
ZHLPharmaceutical Manufacturing
Score locked

ZHLFair
Current Score
753Baa (FAIR)
01000
1 incidents
-4 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
754
JUNE 2026
754
MAY 2026
754
APRIL 2026
754
MARCH 2026
753
FEBRUARY 2026
753
JANUARY 2026
753
DECEMBER 2025
753
NOVEMBER 2025
753
OCTOBER 2025
752
SEPTEMBER 2025
752
AUGUST 2025
756
Vulnerability
01 Aug 2025 • ZHL
Zota Healthcare and DavaIndia Pharmacy: Indian pharmacy chain giant exposed customer data and internal systems
DavaIndia Pharmacy Flaw Exposed Sensitive Customer Data, Allowed Unauthorized 'Super Admin' Access
752
CRITICAL-4
ZOTDAV1771331028
DavaIndia Pharmacy Flaw Exposed Sensitive Customer Data, Allowed Unauthorized "Super Admin" Access
A critical security vulnerability in DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare with over 2,300 stores across India, allowed unauthenticated users to create "super admin" accounts with full system privileges. The flaw, introduced in late 2024, exposed highly sensitive customer data tied to nearly 17,000 online orders across 800+ stores, including health conditions, medications, personal details, and purchase histories.
Security researcher Eaton Zveare discovered the bug, which enabled attackers to:
- Access and exfiltrate customer data (names, phone numbers, emails, addresses, and purchased products).
- Tamper with product listings, including modifying prices and prescription requirements.
- Create unauthorized discounts, coupons, and alter administrative controls.
Zveare described the exposed data as potentially "private and even embarrassing" due to the nature of pharmacy purchases. While no evidence suggests malicious exploitation, the flaw remained unpatched until mid-September 2025, following Zveare’s responsible disclosure to CERT-In (India’s national cybersecurity agency) in August 2025. DavaIndia confirmed the fix in late November 2025, though no customer action such as password resets was required, as payment data and other secrets remained secure.
The incident highlights risks in handling sensitive health-related data, particularly in large-scale digital pharmacy platforms.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for ZHL ??
What was ZHL's A.I Rankiteo Cyber Score in June 2026 ??
What was ZHL's A.I Rankiteo Cyber Score in May 2026 ??
What was ZHL's A.I Rankiteo Cyber Score in April 2026 ??
What was ZHL's A.I Rankiteo Cyber Score in March 2026 ??
What was ZHL's A.I Rankiteo Cyber Score in February 2026 ??
What was ZHL's A.I Rankiteo Cyber Score in January 2026 ??
What was ZHL's A.I Rankiteo Cyber Score in December 2025 ??
What was ZHL's A.I Rankiteo Cyber Score in November 2025 ??
What was ZHL's A.I Rankiteo Cyber Score in October 2025 ??
What was ZHL's A.I Rankiteo Cyber Score in September 2025 ??
What was ZHL's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on ZHL's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with ZHL ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view ZHL's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?