AIIMS servers hacked, services being managed manually
Various government agencies are probing the incident, with the AIIMS-Delhi server remaining out of service for the second consecutive day
All India Institute of Medical Sciences (AIIMS) servers were targeted by suspected Chinese hackers in what is being called a massive ransomware attack. The digital services at the country’s premier healthcare institution have been down since Wednesday (November 23) morning.
Various government agencies are probing the incident, with the AIIMS-Delhi server remaining out of service for the second consecutive day. Amid the cyber security scare, all emergency, routine patient care and laboratory services are being managed manually, according to a statement issued by AIIMS.
AIIMS officials have confirmed that this was a ransomware attack – a type of cyber-attack in which malware (malicious software) is designed to block a user or organisation from accessing files on their computer, usually by encrypting them. The attacker then asks for a “ransom” to restore access for the victim.
With the server being down, the outpatient and inpatient digital hospital services, including smart lab, billing, report generation and the appointment system, remained affected, an AIIMS official said. Following the cyber-attack, admission, discharge and transfer are being done manually at AIIMS. Furthermore, death/birth certificates are being manually prepared, as per instruction from the working committee.
Four physical servers arranged for restoring e-Hospital services have been scanned and prepared for the databases and applications, said news reports. Another source said 15 out of around 50 servers and 400 out of around 5,000 endpoint computers have been scanned using antivirus, and the activity is ongoing.
"Internet services have been blocked on the recommendations of the investigating agencies," said news reports quoting sources.
According to sources, representatives of the Indian Computer Emergency Response Team (CERT-In), Delhi Police, Intelligence Bureau, Central Bureau of Investigation (CBI) and Ministry of Home Affairs (MHA) are probing the incident. The National Investigation Agency (NIA) has also joined the investigation, said sources.
Delhi Police have registered a case against unknown persons over the cyber-attack on the AIIMS-Delhi servers, which have been down for three days. After they came to know about the attack, the hospital authorities approached the south district police, which then transferred the matter to the Intelligence Fusion and Strategic Operations (IFSO) unit of Delhi Police.
Earlier this year, a report by cyber threat intelligence firm CloudSEK said that the Indian healthcare industry received the second-highest number of cyber-attacks globally, and that these compromised over 71 lakh records. "After the US, India recorded the second highest number of attacks on the healthcare industry with a total of 7.7 percent of the attacks in 2021," the report said.
CloudSEK is among the companies that provide cyber threat intelligence to CERT-In – India’s nodal agency for responding to computer security incidents. Earlier this year, CERT-In said in its report that it had observed a 51% increase in ransomware incidents in the country in the first half of this year.