Two weeks after a cyber attack crippled the servers at the All India Institute of Medical Sciences (AIIMS), the system has not been completely restored as investigators anticipate more damage if it is linked to the Internet.
The file extensions for all the physical servers of AIIMS running on Operating System Linux were changed by the ransomware attackers, a probe has found.
A senior government official told that to trace the source of the attack, investigators have a huge task of scanning 11,500 computers with a fine-tooth comb as the system will continue to be affected till then.
A First Information report (FIR) filed by the Special Cell of Delhi Police on a complaint filed by an AIIMS security officer said that the hospital had been subjected to a “deliberate” ransomware attack. The FIR states that one of the officials received three attachments from e-mail users identifying themselves as “dog” and “mouse” seeking a ransom of an unspecified amount. The users asked AIIMS officials that they could send “program and private key” to the IT department of AIIMS to “decrypt the data” and warned the officials to not use third-party software to repair the system as it may lead to permanent data loss.
The FIR added that the “Hospital Information System (HIS) of AIIMS, e-Hospital” provided and managed by the National Informatics Centre (NIC) was down and the last transaction had been recorded at 7.07 a.m. on November 23. The HIS pertains to patient records, including line of treatment.
As soon as the attack was diagnosed, NIC officials reported the incident on the toll-free number of Computer Emergency Response System-India (CERT-IN).
Another government official said the source of the attack is yet to be ascertained amid indications that it could have been launched from one of the neighbouring countries.
“Even if it is a ranswomware attack, it is not the policy of the government to pay ransoms. Agencies are probing the incident and it [the HIS] will be restored soon,” said the official.
The official added that the cyber system at AIIMS was prone to breach without adequate firewalls and safety features in place.
Earlier it is reported a hacker has allegedly demanded Rs 200 crore in cryptocurrency from the All India Institute of Medical Science (AIIMS) after it was hit by a ransomware attack on November 23, according to a report by Press Trust of India (PTI).
The Delhi police, however, have denied the report. In a Tweet on Monday night, the law enforcement agency wrote, “Some sections of the press are reporting that ransom has been demanded against restoration of @aiims_newdelhi server. No such information brought to notice by AIIMS authorities.”
AIIMS was hit by a ransomware attack on its hospital management system on 23 November morning, after which the hospital was forced to operate in manual mode. Patient care services in the emergency, outpatient, inpatient and laboratory wings have been severely impacted by the attack.
On Thursday, the hospital also said that birth and death certificates would be made manually on physical forms.
It is estimated that the data of about 3 crore to 4 crore patients could have been compromised due to the attack. This also includes data on former prime ministers, ministers, and judges.
On Thursday, the hospital also said that birth and death certificates would be made manually on physical forms.
It is estimated that the data of about 3 crore to 4 crore patients could have been compromised due to the attack. This also includes data on former prime ministers, ministers, and judges.