Data Breach in NMC and MEC: Dr. Sandesh Lamsal Demands Immediate Action

Enepalese Published on: July 28, 2025

A prominent Nepali medical doctor and social activist, Dr. Sandesh Lamsal, has called for urgent accountability from Nepal’s health education regulation bodies after multiple warnings surfaced indicating that official passwords linked to these government healthcare system regulation portals had been leaked in a major data breach.

According to screenshots shared by Dr. Lamsal and verified by the Enepalese team, passwords associated with the domains mec.gov.np, nmc.org.np and exam.nmc.org.np, which represent the Medical Education Commission (MEC) and the Nepal Medical Council (NMC), were flagged as compromised by security alerts. These alerts, generated by device-level password managers, warn users that their credentials were “detected in a data leak and may be compromised,” and recommend immediate password changes to protect their accounts.

While neither the MEC nor the NMC has issued a public statement about the suspected breach, the consequences are significant. These government websites are used by thousands of medical students, graduates, and practitioners around the globe for a range of purposes, from registration and certification to medical admission exams and licensing exams. Beyond functional issues, such a breach might serve as the impetus for identity theft, exam result manipulation, credential fraud, and other misuse of sensitive data.

Dr. Lamsal notes that this is only the latest in a string of worrisome discoveries he has made while monitoring Nepal’s digital healthcare infrastructure. He has become a leading voice for transformation and commitment in Nepal’s health care landscape, regularly challenging governing bodies and expressing strong opinions regarding the management and moral conduct within these organisations.

Speaking to Enepalese in Kathmandu, Dr. Lamsal stated, “This is not merely a simple technological error. It’s a matter of national digital infrastructure and data security. These platforms host sensitive personal and professional information of thousands of aspiring and practising doctors and healthcare professionals. A compromised password is more than just an IT issue; it is a violation of trust.”

He continued: “We cannot afford silence or delay. Institutions like MEC and NMC must be held to the highest standards of accountability, not only because of the data they hold but also because of the gatekeeping power they have over the futures of countless young Nepali healthcare professionals and students.”

It’s not the first time Dr. Lamsal has raised concerns about such sensitive topics related to the Nepali healthcare system in the media. Over the last few years, he has been advocating against uncertain evaluating techniques, uneven legislative requirements, and arbitrary decision-making processes. His criticism has received substantial support from medical students, medical professionals, the Nepali public, and digital rights advocates, but it has also occasionally sparked dissatisfaction from political leaders and institutional insiders.

The recent data leak incident adds another dimension to his campaign. It is no longer just a matter of educational governance, but now includes digital security, an area where Nepal’s public institutions have historically lagged.

Cybersecurity experts say the breach appears to be part of a broader pattern of negligence in public sector digital systems in the region. “Many South Asian government platforms have outdated infrastructure, poor password hygiene, and little to no penetration testing,” said Ramesh Neupane (name changed), a Nepali cybersecurity analyst based in Singapore. “It’s alarming but not surprising that credentials from such important portals have made their way into public data dumps or black markets.”

MEC and NMC have not formally acknowledged the breach, despite its seriousness. The individuals impacted have not received any notices, and no visible action has been taken to warn the public or reduce the dangers. This institutional silence has only amplified public concern.

Dr. Lamsal has called on both institutions to publicly confirm whether a breach occurred, notify all affected users, enforce immediate password resets, and publish a roadmap for implementing robust security reforms. He also urged the Ministry of Health and Population to commission an independent security audit of all medical education-related digital infrastructure in the country.

“This should be a wake-up call,” he said. “We must not wait for a catastrophe before we modernise our systems. If the very institutions entrusted with producing the next generation of doctors cannot secure their own digital premises, then what message does that send to the public?”

The ethical and legal ramifications of this violation are also cause for alarm. Organisations that do not notify their users promptly about data breaches may be subject to fines or prosecution in several countries. Even though Nepal does not yet have comprehensive data protection laws in place, digital rights activists argue that this incident underscores the urgent need for such laws.

As the story continues to unfold, Dr. Sandesh Lamsal has vowed to keep pressing for answers. For him, this is not merely a personal campaign but a civic responsibility. “I did not raise these issues to shame anyone,” he said. “I raised them because silence has become dangerous. Our institutions must do better for the students, professionals, and people who depend on them.”

One thing is certain, although the senior members of the Nepali medical community are still processing the news: young, fearless voices like Dr. Lamsal’s are bringing this long-overdue conversation to the podium to raise awareness among the fraternity’s seniors that the modern, digital world demands new standards of responsibility.


URL of his post: https://www.facebook.com/sandesh.1994/posts/pfbid02Awo5aAEayNBs4pQbxcyVqesao6TmfeqDW1BznE8s8nPCF6Gd3QNsGGcquoJWukydl?rdid=WRsxVaKtqmSTVrEv#