Hospital falls prey to ransomware attack, hackers demand $70,000
Following the cyberattack on May 13, the healthcare services were not affected, a hospital official said

Days after KD Hospital fell prey to a ransomware attack, an FIR was filed on Tuesday at the Bopal police station. The cyberattack blocked the hospital from accessing all its online systems, including CCTV footage, patient data, hospital files, and software, people privy to the matter said.
“The ransomware attack took place at around 2 am on May 13. All server data of the hospital on its online server was encrypted. A ransom demand was made via an email by the attackers of USD 70,000 in bitcoins to decrypt the files. The servers are still down,” said AP Chaudhary, police inspector, Bopal police station.
A top source in the hospital, however, said the hospital’s online system was up and running. “Our servers – containing all our software – were down for a day but we worked manually. The servers are now up and running. We got another server for backup. The healthcare services were not affected. An NFSU (National Forensic Sciences University) team and cyber crime police are also investigating the matter. It will take another week for the audit report. Based on that, we will get to know if there were any system vulnerabilities. We might have to make some rectification in our IT infrastructure accordingly,” said the official.
The FIR has been lodged under IPC sections 384 (extortion), 511 (moral guilt and injury), and IT Act sections 43 (penalty and compensation for damage to computer, computer system) and 66 (computer related offence). The FIR was registered following a complaint from Kishor Gojiya, an IT official at the hospital.
Gojiya received a call at around 2 am on May 13, as per the FIR, from the hospital’s night supervisor Mehulbhai Bhavsar, informing him that the hospital server was down. Following a conversation with another hospital IT official, Hitesh Patel, the disruption was confirmed.
As Gojiya went to the hospital, he stated in the FIR, he realised an unidentified hackers’ group had launched a ransomware attack. He immediately disconnected the linked servers and started inspecting the damage to check if the data could be recovered. In the complaint, he also alleged the attackers “damaged very crucial data of the hospital”. He further stated the cyberattackers encrypted “all files, hospital data, and patient data”.
Later, Dr Parth Desai, Chief Operating Officer, KD Hospital, was informed, and help was sought from the NFSU, Gandhinagar.
An NSFU team was taking images of the encrypted server’s image, when a message flashed on one of the computers: “We’ve encrypted all the data of your hospital and if you want your data back, contact via the email id – goodmorningfriend@onionmail.org.”
When contact was made via email, as per the complaint, a demand was made of 70,000 USD in bitcoins. On Tuesday at around 1:21 am, another email was allegedly received by the hospital that the attackers were ready to decrease the ransom demand.
Following the latest email, the hospital lodged a complaint with the Bopal police station.