The servers of All India Institute of Medical Sciences (AIIMS), New Delhi, continue to remain down after a major ransomware attack earlier this week. The servers have been down for almost a week, six days to be precise.

On November 23, the National Informatics Centre's e-Hospital's server being used at AIIMS, Delhi was down due to which outpatient and inpatient digital hospital services including, smart lab, billing, report generation, the appointment system, etc., were affected. The AIIMS officials said that all these services are now being run in manual mode. The NIC team working at AIIMS, informed that it could be a ransomware attack.


What happened in the attack?

The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc. The cyber attack on AIIMS shut down its main and backup servers.

The attackers hacked the e-hospital service which manages the patient data system, affecting the outpatient department (OPD) and sample collection services. Those behind the cyber attack warned AIIMS to "prepare for a negotiation".

When will the servers be back?

On restoring normal services, AIIMS said in a statement that data restoration and server cleansing are in progress.

"Data restoration & server cleaning is in progress & is taking time due to the volume of data & large number of servers for hospital services. Measures being taken for cyber security. All hospital services, including outpatient, in-patient, laboratories continue to run on manual mode," AIIMS said in a statement.


Rs 200 crore ransom demand

Some reports surfaced on Monday evening claiming that hackers have allegedly demanded around Rs 200 cr in cryptocurrency from AIIMS-Delhi. However, the hospital authorities did not say anything about the ransom demand in the statement.

Amid those reports, Delhi Police issued a statement that no such demand has been brought to their notice by the AIIMS administration.

"In AIIMS Delhi Computer Incident: No Ransom Demand as being quoted by certain sections of the media has been brought to notice by AIIMS authorities," Delhi Police said in the statement.

What is the police saying?

The Intelligence Fusion and Strategic Operations (IFSO) Unit of Delhi Police's Special Cell on Friday began investigating the alleged hacking of All India Institute of Medical Sciences' (AIIMS) server, which was reported down, affecting the outpatient department (OPD) and sample collection services.

Cyber attack

According to the police, a "computer incident" had been reported by Additional Security Officer, AIIMS on the basis of which, an FIR under Section 385 of the Indian Penal Code (IPC) and Section 66-F of the Information Technology (IT) Act was registered by the IFSO.

Hackers target healthcare sector

According to CloudSEK, a massive spike in cyberattacks on healthcare organisations has been witnessed during the pandemic. Protecting patients' medical and financial information has emerged as a new challenge for healthcare organisations.

"Our research shows that in the first four months of 2022, the number of cyberattacks on the industry rose by 95.34 percent compared to the same period in 2021. The Indian healthcare sector was the second most targeted when it comes to cyberattacks worldwide," the company spokesperson said.

Petya ransomware attack

According to Indusface, an application security SaaS company, there were more than 1 million cyber attacks of various types across Indusface's global healthcare clientele. Of these, 278,000 attacks were reported in India, highlighting the vulnerabilities of the Indian healthcare sector.

In August this year, the UK's National Health Service (NHS) was hit by a ransomware attack via a third-party vendor. Advanced, which provides several products to NHS hospitals and clinics, said its systems were disrupted by a ransomware attack on August 4. Three months after the major attack wiped out NHS systems, patients' records are still missing and safety has been compromised, according to reports.

The August attack has been the most disruptive cyber-security incident on the health service since WannaCry ransomware attack in May 2017, which disrupted 80 NHS trusts and 603 NHS organisations, including 595 GP practices.

Cyber-security researchers say the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web.