In the AIIMS Delhi cyberattack, routine tasks including scheduling appointments, registering patients, taking payments, and producing lab reports have all been halted.

According to one agency, the computer department took no precautions to protect the network after four servers became infected.

Indian Computer Emergency Response Team (CERT-In) investigators looking into the cybercrime on some server farms at the All India Institute of Medical Sciences (AIIMS) in Delhi discovered that the AIIMS computer faculty had taken no security measures: no policies had been defined on the firewall, and the majority of the switches were unmanaged.

The National Informatics Centre (NIC) said the event was a ransomware attack, in which attackers demand money to restore access to online services, The Indian Express reported.

The AIIMS Delhi cyberattack has blocked normal activities, including appointments and registrations, invoicing, and lab report generation. The institute says a ransomware attack has corrupted all of the files kept on the hospital’s primary and backup systems.

Ransomware is malware that encrypts the data on a system and holds it until a payment is made.

What’s at stake?

The breach has reportedly affected the data of about 3–4 crore people, including confidential personal and medical information of VIPs.

The stored data included that of a number of VIPs, among them former prime ministers, ministers, officials, and judges. AIIMS serves about 38 million patients each year, and all of their information is now lost.

The compromised databases contain Personally Identifiable Information (PII) of patients and health staff, including administrative records on blood donors, ambulances, vaccines, and caretakers, as well as employee login credentials.

It is very possible that the ransomware attack exposed the personal information and medical data of the numerous patients treated at the facility. Typically, attackers sell such data on the dark web.

What’s happening now?

All files and data on the affected servers of AIIMS display the message “free decryption as a guarantee. You may submit us up to three free decrypted files before payment,” according to CERT-In, the nation’s top cybersecurity agency.

Delhi Police has registered an FIR under IPC Section 385 (placing a person at risk of harm in order to commit blackmail) and Sections 66 and 66-F of the IT Act after receiving a complaint from Shri Kumar Yadav, an assistant security officer at AIIMS.

Four servers, including two application servers, one database server, and one backup server, were found to be infected, according to an initial examination by CERT-In, a source said. “A CERT-In crew discovered that encryption was initiated by one of the Windows servers connected to the same network. However, the documents on this server itself were not encrypted.

The NIA has dispatched a squad to AIIMS. A group from the Defence Research and Development Organisation (DRDO) is also investigating, alongside the CERT-In and NIC teams, as are Delhi Police, the Intelligence Bureau, the CBI, and the Home Ministry.

The header of the encrypted files has been used to identify the attacker’s two Proton Mail addresses, “dog2398” and “mouse63209,” according to the preliminary investigation. The security compromise has mainly harmed the e-hospital application, which has been provided and operated by NIC since 2011-12. This prevents the online operation of OPD, emergency, and other medical care services on the AIIMS premises,” a source said.
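The finding above, that encryption was initiated from one Windows server on the shared network while that server’s own documents stayed intact, is the kind of thing a responder reconstructs from file-share audit trails. The script below is an added example and not part of the original report or of CERT-In’s work: it runs over constructed audit records (the log format, host names and the `.locked` suffix are all assumptions), identifies which host wrote the encrypted files to the other servers, and checks whether that host’s own files were left unencrypted.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of file-share audit records (not real AIIMS logs).
# Format (assumed): <timestamp> src=<host performing the write> dst=<server holding the file> op=<op> path=<file>
SAMPLE_LOG = """\
2022-11-23T01:58:10 src=WIN-SRV-07 dst=APP-SRV-01 op=rename path=/ehospital/opd/visit_1001.pdf.locked
2022-11-23T01:58:11 src=WIN-SRV-07 dst=APP-SRV-01 op=rename path=/ehospital/opd/visit_1002.pdf.locked
2022-11-23T01:58:12 src=WIN-SRV-07 dst=APP-SRV-02 op=rename path=/ehospital/lab/report_77.xml.locked
2022-11-23T01:58:13 src=WIN-SRV-07 dst=DB-SRV-01 op=rename path=/var/lib/db/patients.ibd.locked
2022-11-23T01:58:14 src=WIN-SRV-07 dst=BKP-SRV-01 op=rename path=/backup/2022-11-22.tar.locked
2022-11-23T01:58:15 src=APP-SRV-01 dst=APP-SRV-01 op=write path=/ehospital/opd/queue.json
2022-11-23T01:58:16 src=WIN-SRV-07 dst=WIN-SRV-07 op=write path=/Users/svc/README_DECRYPT.txt
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) op=(?P<op>\S+) path=(?P<path>\S+)$"
)
ENCRYPTED_SUFFIX = ".locked"  # assumed marker; substitute the extension observed in the incident


def parse(log):
    """Yield one dict per well-formed audit record; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def triage(log):
    """Return (likely origin host, {victim server: encrypted-file count}, per-source counts)."""
    by_src = Counter()          # who wrote encrypted files
    victims = defaultdict(int)  # whose files got encrypted
    for rec in parse(log):
        if rec["path"].endswith(ENCRYPTED_SUFFIX):
            by_src[rec["src"]] += 1
            victims[rec["dst"]] += 1
    if not by_src:
        return None, {}, by_src
    origin = by_src.most_common(1)[0][0]
    return origin, dict(victims), by_src


def origin_untouched(log):
    """True when the host that initiated encryption holds no encrypted files itself."""
    origin, victims, _ = triage(log)
    return origin is not None and origin not in victims
```

On the sample records the origin is WIN-SRV-07, the four victims are the two application servers, the database server and the backup server, and the origin’s own share shows only the ransom note, matching the pattern described in the report.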

DCP (Cyber Crime Unit) Prashant Priya Gautam said, “The investigative images of the affected servers have been sent to the lab for analysis. Analyses are being conducted. AIIMS management and other organizations are in the process of rebuilding the service.” The ransom demand has not been made public.