In today’s world, data is an important asset that runs states, institutes, and nations. One of the prestigious public health institutes of India, AIIMS (All India Institute of Medical Sciences) Delhi server is out of commission for the sixth consecutive day. the institute announced to go paperless from 1st January 2023, and digitize their entire system by April 2023. While the server is hacked by cybercriminals, hundreds and thousands of patients under the critical care of the medical institute are stalled. The patient care services in outpatient, emergency, inpatient, and laboratory wings are managed manually as the e-server is down. Members of the Ministry of Home Affairs, Delhi Police, and the Indian Computer Emergency Response Team (CERT-IN) are looking into the ransomware attack.
AIIMS Under Cyber Attack: What is at Stake?
The cyberattack has frozen the e-hospital system of the AIIMS institute in New Delhi. This includes registration at OPD (outpatient departments), and appointments, billing of IPD (inpatient departments), smart lab, and laboratory report generation. The hacks have led to errors in handling major emergency cases along with long queues of critical patients. According to the AIIMS institute, a ransomware attack has destroyed all files present in the main server and backup server of the hospital.
The hackers have taken hold of four crore patient profiles which include medical records of VIPs, and sensitive data of patients. The databases under the exploitation consist of personally identifiable information of healthcare workers and patients, blood donors’ administrative records, vaccinations, employee login credentials, caregivers, ambulances, and many more. The threat and risk of the attack are huge, which has led Delhi Police, the Ministry of Home Affairs, and the Computer Emergency Response Team to work together in the case. However, it’s the sixth day, and the server is still under the hackers.
Cyber Attacks in the Healthcare Industry of India
Within one month of the AIIMS announcement to go paperless, the e-server is frozen by the ransomware attack where the attackers are now demanding a sum of Rs 200 crore worth of cryptocurrencies. According to CloudSEK (the cyber threat authorities of India), AIIMS is not the only case as the healthcare industry in India is a major target of cybercriminals.
During the pandemic, the industry has witnessed a huge increase in cyberattacks. The study states that “in the first quarter of 2022, the cyberattacks on the healthcare industry increased by 95.34% compared to 2021”. A software security company, Indusface shares that there were more than one million cyber attacks of several types across the global healthcare clientele of Indusface. Among these attacks, 278000 attacks were reported only from India.
Hackers Demand Rs200 Crore Worth of Cryptocurrencies
On November 25th, the Intelligence Fusion, and Strategic Operations (IFSO) unit of Delhi reported a case of extortion and cyber terrorism. The internet services are blocked on the hospital computers after orders from the investigating agencies. There are several patient data stored on the server including ministers, bureaucrats, prime ministers, and judges. One of the sources informed that the hackers have demanded Rs 200 crore worth of cryptocurrencies.
On the other hand, the e-hospital database and application server of NIC for e-hospitals is restored. The team of NIC is scanning and cleaning the virus from other e-servers of the AIIMS institute, which are responsible for the hospital services delivery. The four physical servers are arranged for restoring e-hospital services requires for scanning and preparing the applications and database of the hospital.
The sanitization of the AIIMS network is under work. For computers, and servers, antivirus solutions have been organized. Out of five thousand computers of the institute, twelve hundred computers have already been sanitized and installed with antivirus solutions. Out of fifty servers, twenty have been scanned. The investigators are working day and night. According to the sources, “it will take five more days to sanitize the entire process. The e-hospital functionalities will be released in phases. The patient care services are for now carried in a manual mode”.
How Can You Prevent Cyber Attacks?
The general public lack knowledge about cyber threats and the majority of them have no idea about what value their private data holds, and what can take place if it reaches bad hands. The common knowledge among Indian citizens is not to share their Aadar or PAN numbers. However, it is still available with organizations, workstations, banks, etc. any unregulated access can help the hackers steal their identity and conduct financial frauds thereby forcign an individual to conduct crimes and similar illicit activities.
Now that AIIMS is under a ransomware attack, how it secures online information? According to Dr. Subhasish Giri, MD of Rajiv Gandhi Superspeciality Hospital, and Guru Tegh Bahadur Hospital states “the AIIMS attack has made sensitive data vulnerable, which is why keeping the information safe is a huge challenge. High-protection passwords and updated security measures are essential to incorporate in order to minimize the possibility of hacking. Hospital Information Management Solution will share proper guidelines to ensure high cybersecurity”.
A huge data breach and ransomware attack at the AIIMS institute Delhi has called upon challenges of keeping online sensitive data safe. Preventive measures are not enough for India to build a high defense system on cyber security. Awareness, Knowledge, and proper guideline are the need of the hour to protect top institutes and businesses from similar worse ransomware attacks.