Ransomware attack at AIIMS: NIA suspects cyberterrorism

The All India Institute of Medical Sciences(AIIMS) in New Delhi servers are suspected of ransomware attacks on 23rd November 2022. However, the hospital authority on Monday gave notice that the services continue to take place in manual mode.

AIIMS, in a statement, said, “The servers for its e-hospital system have gone down, affecting digital hospital services such as Smart lab, billing, report generation, and appointment scheduling.” Currently, AIIMS manages over 2,500 beds.

AIIMS reported the incident to Delhi police and looked up to the assistance of the National Informatics Centre (NIC) and the Indian Computer Emergency Response(ICER) Team to recover their Digital Services. Further investigation is also joined by the National Investigation Agency(NIA), The Intelligent Bureau, the Central Bureau of Investigation(CBI), and the Ministry of Home Affairs.

On the same day, AIIMS declared that they would manually do patients’ admission, discharge, and transfer until the digital systems were back. For the time being, Cyber-terrorism, computer fraud, and the Delhi Police have reported extortion against unidentified perpetrators.

As per the cyber security measure, the internet services at AIIMS have been blocked.

There are indications that foreign actors may have been involved in the cyber hack. In the meantime, Delhi police denied reports of a ransom demand in cryptocurrency.

Technicalities of Data Breach

As per the news, Around 40 million patient records may have been exposed due to the cyber attack. It is possible that the AIIMS database got exploited, which contained sensitive patient information (PPI), ambulance records, vaccination records, caregiver records, and employee login credentials.

Meanwhile, servers of NIC e-hospital and application servers have become operational again. However, the NIC team is now scanning and cleaning the auxiliary AIIMS servers necessary to allocate hospital services.

In addition, data have been scanned and put together from the four physical servers assembled to recover e-hospital services. According to reports, the AIIMS network is also being sanitized, and 1200 out of 5000 computers have it installed. Twenty out of fifty servers are being inspected around the clock, seven days a week.

Analysis of Ransomware attack

On 25th November, Intelligence Fusion and Strategic Operations (IFSO) registered a case of shakedown and cyber terrorism. The officials stated, “The investigating agencies recommend blocking internet access on hospital computers.”

The possibility is there that the Chinese hackers might be culpable for the attack as per the belief. Cloud-based servers and a weak firewall will likely be at fault for the ransomware attack.

ESOF is a good choice for prevention from Ransomware Attacks

ESOF, an end-to-end vulnerability management platform, prevents the system from ransomware attacks. TAC Security’s products, ESOF AppSec and ESOF VMDR give an extensive view of risks, threats, and vulnerabilities that organizations need in today’s time. 

ESOF products assist in preventing your complete IT infrastructure from vulnerabilities:-

ESOF AppSec

• Having ESOF Scanners, tests are carried out on Black Boxes and Grey Boxes, giving exact outcomes and diminishing many false positives.
• It discovers the most critical vulnerabilities and vulnerable assets across your web and mobile apps.
• The cyber Risk Score feature will save you time and hours from reading lengthy reports. Therefore, helping you in enhancing your security posture.

ESOF VMDR

• ESOF VMDR helps find the system’s hidden vulnerabilities and segregates the ones considered high risk.
• By auto-prioritization and auto-remediation quickly reduces critical vulnerabilities.
• Discovers the vulnerable assets, OWASP, and SANS vulnerabilities.
• The one-click notification feature helps detect if your asset has zero-day vulnerabilities in real time.

Protecting your privacy is our Top Priority.

To Know more about our products

Download the Datasheets of Now!