Cyberattack on Indian Healthcare sector
In the recent ransomware attack on November 23, the primary and first backup servers were corrupted, bringing India’s most prestigious hospital, AIIMS, to a standstill and disrupting routine work, including appointments and registration, billing and laboratory report generation. According to the institute, the ransomware attack corrupted all the files stored on the hospital's main and backup servers.
After the nefarious cyberattack on the All India Institute of Medical Sciences, Delhi, the hospital has issued an internal video guide to help its doctors, faculty members and other staff install the prescribed security software on their systems.
Most of its servers stopped working, as did the eHospital network managed by the National Informatics Centre. All functions, including the emergency, out-patient, in-patient and laboratory wings, had to be shifted to manual management. The AIIMS cyberattack is a wake-up call for national security.
The National Investigation Agency sent a team to AIIMS on November 25. Besides the CERT-In and NIC teams, a team from the Defence Research and Development Organisation is also looking into the matter. The Delhi Police, Intelligence Bureau, Central Bureau of Investigation and the Ministry of Home Affairs are also probing the incident.
Sources said all this IT-related work is being handled by professional doctors rather than technology experts. AIIMS-Delhi has 40 physical servers, 100 virtual servers and about 10,000 computers, not all of which have updated anti-virus applications, and it does not have a centralized network security operations centre from which the agencies involved in restoring services can work. Of these, five servers have been infected as a result of the cyberattack. These five servers hosted the data of approximately 3-4 crore patients.
In light of the recent cyberattack on the institute, it is requested that no router, hub etc. be connected to the AIIMS network port by any user, and that no computer system (desktop), laptop etc. which is on the AIIMS LAN be connected to a mobile hotspot, said an order issued by Dr Vivek Gupta, additional professor and assistant faculty, computer facility, AIIMS. This raises a question: did AIIMS follow a cyber hygiene ecosystem similar to what it would want its patients to follow in the real world?
As per media reports, hackers have allegedly demanded approximately Rs 200 crore in cryptocurrency to decrypt the data. The cyberattack comes within a month of AIIMS announcing that it would go paperless from next year. Experts have long warned that going entirely paperless is the most dangerous thing one can think of. It amounts to challenging a smart and intelligent hacker.
The healthcare industry in India faced nearly 1.9 million cyber attacks this year till November 28, as per data published by cybersecurity think tank CyberPeace Foundation. The attacks came from a total of 41,181 unique IP addresses, traced back to countries including Vietnam, Pakistan and China.
The data breach has reportedly compromised the data of nearly 3–4 crore patients, including sensitive data and medical records of VIPs. Several VIPs, including former prime ministers, ministers, bureaucrats, and judges, had their data stored.
Around 38 lakh patients get treated at AIIMS every year. All their data is lost now. AIIMS said in a statement that “all hospital services, including out-patient, in-patient, laboratories etc continue to run on manual mode”.
According to a report, the systems attacked were mostly vulnerable Internet-facing systems with Remote Desktop Protocol (RDP), vulnerable SMB and database services enabled, and old Windows Server platforms. The attackers also tried to inject malicious payloads into the network.
The deployed network has captured a total of 1,527 unique payloads belonging to Trojans, ransomware, etc. As per the source, the data backup has been completed, and AIIMS may take the final call on bringing all systems fully back online.
There is also no clarity on whether the critical database containing patient records and test reports can be retrieved.