Two system analysts working at All India Institute of Medical Sciences (AIIMS) Delhi have been suspended after a ransomware attack crippled the online operations of one of India's most prestigious hospitals.
The suspended analysts had earlier been given a show cause notice.
AIIMS officials told Moneycontrol that 50 servers and 5,000 computers are being scanned using antivirus software to check if systems were bugged beforehand.
“Nearly 30 out of around 50 servers and over 1,500 out of about 5,000 endpoint computers have been scanned using antivirus and the activity is ongoing,” an AIIMS official told Moneycontrol.
The servers of AIIMS have been out of order for over a week now after a ransomware attack affected all the hospital’s online operations. The official said it will “take some time” for the systems to get back to normal.
All the hospital’s services, including outpatient and inpatient departments and laboratories, are functioning in manual mode.
A National Informatics Centre official said its high-level team along with the India Computer Emergency Response Team (CERT-IN) and the ministry of home affairs are investigating the ransomware attack.
The AIIMS official said four servers arranged for restoring e-hospital services have been scanned and prepared for the databases and applications.
“Restoration of the main e-hospital database backup is in progress. The Laboratory Information System (LIS) database and other dependent databases have been restored,” the official said.
Large data volume
AIIMS denied reports the hackers demanded payment of Rs 200 crore in cryptocurrency to restore the systems.
“The data restoration and server cleaning is in progress and is taking some time due to the volume of data and large number of servers for the hospital services. Measures are being taken for cyber security,” AIIMS said in an official statement.
AIIMS serves an estimated 1.5 million outpatients and 80,000 inpatients every year, according to some reports.
According to another AIIMS official, the restoration is being carried out in a phased manner.
The AIIMS official said additional staff is being deployed to manage patient care.
“There were some issues detected in the in-patient discharge facility – that has been sorted out. We have deployed extra manpower, also staff members are doing overtime to nullify the gaps,” the official said.
Patient care getting affected
An AIIMS official said that the institute normally sees a patient load of over 30,000 daily, but that has come down to 5,000 a day due to operations functioning in manual mode.
M. Srinivas, the AIIMS Director, did not respond to questions about the extortion demand.
When asked if the AIIMS administration had set a deadline for solving this problem, Srinivas remained silent.
Laxmi, a cancer patient, said the medicines weren't being disbursed because of the server being hacked.
"I have been regularly getting my medicines from here, today I was told that medicine can't be given as the online operations are closed," she added.
Rajesh from Ghazipur, Uttar Pradesh, said his crucial test reports are getting delayed due to the systems failure, and that is becoming an additional burden.
Augmenting cybersecurity
Hansika Saxena, Senior Cyber Intelligence Analyst, said cyberattacks, including ransomware attacks on the healthcare industry, are extremely severe and can have a catastrophic impact on everyone, including healthcare organizations, staff, and patients.
"In terms of financial losses, cyberattacks such as wire fraud and extortion cause monetary loss. Healthcare institutions may also have to pay for the damage caused to the individual and they can also face legal ramifications," she said.
Saxena said that in most cases the company pays the ransom asked and gets its data back, but the negotiations can take at least a week or longer.
Former national cyber security coordinator Gulshan Rai, who has tracked the growth of digital infrastructure at the premier health institution since 1988, said that given the glaring loopholes, an episode like the current one could have happened long ago.
“There are problems such as dependence on old versions of system and application software, poor hygiene and issues related to lack of clear cut ownership and skills required to run the system efficiently, connectivity of sensitive utilities and lack of cyber security arrangements, for instance,” he said.