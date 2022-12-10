
Friday, Dec 09, 2022

The worry: AIIMS breach may hit its linked centres

AIIMS-Delhi has a huge network of about 100 servers and it is now known that it was a Windows server that was first breached and encrypted by hackers on November 23, bringing computerised services in the country’s premier medical institute to a grinding halt.

THERE IS growing concern in the cyber-security establishment over the ransomware attack on servers of AIIMS-Delhi on November 23 with top Government sources telling The Indian Express that the breach, “in all likelihood”, could have a cascading effect on AIIMS facilities in other cities and more hospitals connected on the network.

Multiple cyber-security agencies, led by the Computer Emergency Response Team (CERT-IN), are scouring network logs to analyse which AIIMS units or hospitals the contagion could possibly spread to. Senior officials said there was “likely” to be a spread, but there were no reports as yet of any impact on systems in other cities.

Early in the ongoing “incident response”, officials said, it was discovered that AIIMS-Delhi was using a 2007 Windows version of “poor configuration”, with its architecture handled and expanded by an in-house team.

The National Informatics Center (NIC) has now been called in to create a “model” computer architecture for AIIMS and other hospitals, especially since there has been an uptick in cyberattacks on medical infrastructure in the country, including Covid-vaccine research centres.

The other worrisome admission made by top officials is that though the AIIMS cyber strike was now over two weeks old, there was a “predictable scenario” of it being categorised as a “double extortion” ransomware attack.

A “double extortion” ransomware attack is one in which high-value data is first encrypted by the attacker and later, either a ransom is demanded or the data is sold or put out in parcels on other networks.

The Indian Express had reported on December 3 that a preliminary investigation by CERT-IN found that the cyberattack originated from another country, and could possibly have involved “a foreign state actor”.

The incident marked one of the most high-profile data breaches targeting a Government-backed entity in the country, compromising the records of nearly 3-4 crore patients including high-profile political personalities.

First published on: 10-12-2022 at 04:41:15 am
