Hackers Demand INR 200 Cr Crypto Ransom From AIIMS, Delhi Police Refutes Claims

SUMMARY

The premier healthcare institute has been held to ransom by a purported ransomware attack, which was detected on November 23

While internet services have been blocked on computers at AIIMS, a full sweep is currently underway of the institute’s servers, systems and the network

The matter is currently under investigation by a team comprising representatives from CERT-In, Delhi Police and the Ministry of Home Affairs

Update | November 29, 07:30 PM

News agency ANI, quoting Delhi Police, reported that no ransom demand has so far been made to AIIMS authorities.

In a statement, AIIMS also said, “The data restoration and server cleaning is in progress and is taking some time due to the volume of data and a large number of servers for the hospital services. Measures are being taken for cyber security.”

Original Story | November 28, 11:21 PM

For the sixth consecutive day on Monday (November 28), servers at the All India Institute of Medical Services (AIIMS) Delhi remained out of order as hackers reportedly demanded approximately INR 200 Cr in cryptocurrencies.

Sources told news agency PTI that the hackers have remained adamant on the demand. The data of an estimated 3-4 Cr patients could have been compromised due to the breach. 

The premier healthcare institute has been held to ransom by a purported ransomware attack, which was detected on November 23. The attack has affected systems at the facility and has forced the administration to resort to manual management of emergency, outpatient, inpatient, and laboratory services.

A ransomware attack involves malware that encrypts files and denies their legitimate user access to them. Generally, the attackers in such cases demand a ransom from the victims in return for a decryption key that lets the victims regain access to their servers and files.

The report, citing sources, said that internet services have been blocked on computers at the hospital, while a full sweep of the institute’s servers, systems and network is currently underway. So far, anti-virus solutions have been deployed on nearly 1,200 out of 5,000 computers at the site, while 20 out of 50 servers have been scanned for malicious elements.

As per sources, this activity has been ongoing 24×7.

While the NIC (National Informatics Centre) e-hospital database and application servers for e-hospital have been restored, the NIC team is currently scanning and cleaning the infection from other e-hospital servers located at AIIMS.

Additionally, sanitisation of the AIIMS network is also currently underway and four physical servers have been arranged for restoring e-hospital services and for hosting databases and applications.

“The full sanitisation of the network is likely to continue for five more days. Thereafter, e-hospital services can be rolled out in a phased manner. Patient care services including emergency, outpatient, inpatient, laboratory, etc., services are being continued on manual mode,” a source was quoted as saying. 

The matter is currently under investigation by a team comprising representatives of the Computer Emergency Response Team (CERT-In), Delhi Police and the Ministry of Home Affairs.

The Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) wing also filed a case of extortion and cyber terrorism in the matter on November 25.

Reacting to the attack, cybersecurity software-as-a-service (SaaS) firm Indusface’s chief executive officer (CEO) and founder Ashish Tandon recently told Inc42, “To fulfil the dream of a digital healthcare ecosystem, it is time to revamp the way we approach cybersecurity currently, especially in terms of healthcare data.”

At stake are multiple things. The AIIMS servers also host the data of multiple VIPs including former prime ministers, ministers, bureaucrats and judges. This could jeopardise national security and has raised alarm across the ministries.

Interestingly, the ransomware attack came a month prior to AIIMS announcing that it would go paperless from January 1, 2023, and would fully digitise its services by April 2023.

Increasing Cyberattacks 

This follows a volley of such cyberattacks on critical Indian installations. Earlier this month, the Central Depository Services Limited (CDSL) went offline after it detected malware in a few of its internal machines.

Cyberattackers earlier this year broke into Oil India Limited (OIL) and demanded $75,00,000 in Bitcoin as ransom. While many major Indian institutions have been hit in such attacks, these intrusions have especially been pronounced in the health sector. 

As per Google, the country saw 18 Mn cyberattacks and 2 Lakh threats per day in the first quarter of 2022. According to cybersecurity startup CloudSEK, India saw the second highest number of attacks in the world on the healthcare industry last year. 

Attempts have also been made, in the recent past, to hack into homegrown healthcare firms such as Serum Institute of India (SII), Bharat Biotech, Dr Reddy’s Labs and Abbott India, largely by state actors and hacker groups from Russia, China, and North Korea.

Despite multiple attacks on critical government installations in the past few months, the government is yet to get a grip on the growing number of incidents. In the absence of a strong firewall around government data, its websites remain open to vulnerabilities, which allows malicious actors to exploit such loopholes.
