The recent cyber attack at the All India Institute of Medical Sciences – Delhi (AIIMS) crippled offline patient services such as appointment booking, billing and diagnostics reporting.
The suspected ransomware attack left both patients and doctors unable to access records or test reports.
According to Delhi Police sources, this cyber attack may have been perpetrated from outside India.
Further, cyber experts have pointed out the similarities between the AIIMS ransomware attack and the Optus and Medibank data breaches.
Earlier this month in Australia, a ransomware group with links to a Russian-speaking operator known as REvil began leaking medical records of Medibank’s customers after the firm refused to pay a ransom.
Experts add that this cyber security breach could mean a bigger problem for AIIMS if the precious medical and personal data of millions of people accessed by the attacker ends up in the open market.
AIIMS staff said some of the infected computers had a message demanding payment in cryptocurrency in exchange for a key that would decrypt the data.
AIIMS said in an update:
“Various government agencies are investigating and supporting AIIMS in bringing back the digital patient care services. We hope to be able to restore the affected activities soon.”
Meanwhile, the Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) cell filed an FIR invoking sections of cyber terrorism (IT Act, section 66F) against unknown persons.
Teams from the National Informatics Centre (NIC) and the Computer Emergency Response Team (CERT-In) have attempted to restore the network.
Lieutenant General Rajesh Pant, who is the National Cyber Security Coordinator, told media:
“Remedial action is in progress… [systems are] likely to be restored today.”
This is the first instance of a major Indian hospital being affected by a ransomware attack, and there is a huge risk of AIIMS research data being affected.