Are Chinese hackers now targeting our healthcare facilities?

The cyber attacks from China have seen an increase since May 2020, when Chinese hacker groups were regularly targeting Indian public sector companies. It now seems that they are focusing on the healthcare facilities.

FPJ Web Desk | Updated: Friday, December 02, 2022, 08:16 PM IST

A cyber attack by cyber fraudsters on the servers of the All India Institute of Medical Sciences (AIIMS), Delhi, has put the personal information of millions of patients at stake. It has been nine days since then, but the medical institution has still not come online, and all its servers are now being run in a manual mode.

What happened in AIIMS?

According to reports, a total of five servers at the hospital were attacked, and the cyber attack is suspected to have been carried out by Chinese hackers. The case is now being investigated by a special cell of the Delhi police - Intelligence Fusion and Strategic Operations - along with a joint team of the Central Forensic Lab in Delhi and Mumbai and the National Investigation Agency.

According to various reports, several lapses enabled the entry of hackers into the AIIMS server. A report by News 18 claims that the ransomware entered the system a few months ago when someone clicked on a gaming or similar site.

The officials claim that the reason it took so much time to clean the system was that the hackers had infected not only the main server but also the systems of other AIIMS centres in Delhi. The hijackers entered the primary server and moved to the backup server to encrypt the data. Due to this, services were closed, as only the hackers could access the data.

AIIMS has over 40 physical and 100 virtual servers, of which five have been infected with the ransomware. These servers are being scanned, new and advanced antivirus software is being installed on the 2,400 computers, and the hospital is purchasing new servers with updated configurations. The servers are expected to be restored online from December 6, 2022 in a phased manner.

The data of about 3-4 crore patients is feared to have been compromised, and the stolen data is likely to be sold on the dark web, which is a hidden part of the internet. The stolen data includes details of VVIPs like politicians and celebrities. However, IFSO officials claim that no data has been lost. But, due to the rumours going around, the dark web has already seen over 1,600 searches for the stolen data.

Attack on healthcare facilities

This is just one attempt that came to light; there have been nearly 1.9 million cyber-attacks recorded on the Indian healthcare network this year alone. According to a report, the majority of these attacks are from countries like Pakistan, China, and Vietnam.

The healthcare-based threat intelligence sensor network saw a surge in cyber attacks between January and November 28, with a total of 18,46,712 hits, of which 41,181 unique IP addresses are from countries like China, Pakistan, and Vietnam.

The cyber attacks on healthcare facilities in India have been rising in recent years and the pandemic only increased the cases. These attacks can put lives at stake. A single attack on AIIMS created chaos with long queues at OPDs, diagnostic centres, and billing counters as the hospital was only running in manual mode. There have been cases where, due to a ransomware attack, chemotherapy treatments have been delayed and ambulances have been diverted.

These attacks have also caused deaths, the first being in 2021, when a mother in the US filed a 'death by ransomware' lawsuit, blaming the hacking for causing fatal damage to her newborn after the heart rate monitors failed due to the attack.

Attacks from China

The cyber attacks from China have seen an increase since May 2020, when Chinese hacker groups were regularly targeting Indian public sector companies.

It started with the Chinese hacker group RedEcho, which was targeting Indian power sector networks and seaports. The group is part of the Chinese military intelligence unit based in Urumqi, in northwestern China.

Later, a second hacking group with a China link, called RedFoxtrot, was identified. This group was targeting Indian telecom companies, defence contractors, and government agencies.

One of the most significant attacks was in April 2022, when Chinese hackers targeted 7 Indian power grid hubs in north India. They had also made an attempt to hack into electricity distribution centres near Ladakh, but were not successful.

The second major attack was in Mumbai on October 12, 2022, when the city came to a complete shutdown. Due to the severe blackout, local trains were halted, and stock markets and hospitals were shut down for almost 10 to 12 hours. This was due to the attack by RedEcho.

There have also been attacks on the Unique Identification Authority of India's database and vaccine manufacturing unit.

The key reason for these attacks is to snoop or carry out espionage activities. These groups can also use the data in future escalations between the two countries.

Now it seems they are shifting their focus to the healthcare sector.
