AIIMS cyberattack exposes the vulnerability of Indian healthcare

On the morning of November 23, the All India Institute of Medical Sciences (AIIMS) was hit by a cyberattack. The management of this leading medical institute said it was a ransomware attack that affected outpatient and inpatient digital hospital services, including smart lab, billing, report generation, appointment scheduling, etc.

Ransomware is a malware designed to deny a user access to files. By encrypting files and demanding a ransom for the decryption key, cyberattackers corner organisations into a position where paying the ransom are the quickest, easiest, and cheapest way to regain access to their files.

The attack, believed to be a major one, comes within a month after AIIMS announced that it would go paperless from January 1, 2023, and be fully digitised by April 2023.

In a statement issued on the evening of November 23rd, the AIIMS administration said that all services were being shifted to a manual mode.

“Today, the National Informatics Centre’s (NIC) eHospital server used at AIIMS, New Delhi, was down. Due to this outpatient and inpatient digital hospital services, including smart lab, billing, report generation, appointment scheduling, etc., have been affected. All these services are running in a manual mode currently,” the statement read.

“The NIC team at AIIMS has informed that this may be a ransomware attack and is being investigated by the appropriate law enforcement authorities. Measures are being taken to restore digital services and support is being sought from the Indian Computer Emergency Response Team (CERT-In) and the NIC. AlIMS and NIC will take due precaution to prevent future such attacks,” the statement added.

Indian healthcare a hotspot for cybercriminals

The number of cyberattacks on the Indian healthcare industry was the second highest globally in the segment, with 7.7 percent of the attacks on healthcare being witnessed in the country in 2021, according to cyber security intelligence firm CloudSEK. CloudSEK is among the entities that provide cyber threat intelligence to the Indian cybersecurity watchdog CERT-In.

"After the US, India recorded the second highest number of attacks on the healthcare industry with a total of 7.7 percent of the attacks in 2021," the report said. The attacks on the Indian healthcare industry compromised over 71 lakh records, according to the report.

Red flags

During the pandemic, tech majors like Cisco India, CrowdStrike, Cyware, and Sophos India flagged the risk of cyberattacks in the healthcare sector, affecting virtual healthcare, teleconsultations, telemedicine, wearable technology, and email.

Cyfirma, a Goldman Sachs-backed Singapore-based threat intelligence firm, reported in March 2021 that Serum Institute, Bharat Biotech, Dr Reddy’s Labs, Abbot India, Patanjali, and AIIMS were some of the Indian pharma companies and hospitals allegedly targeted by hacker groups from Russia, China, and North Korea as part of a massive global campaign to steal sensitive information related to vaccine research and trials.

Cyfirma identified 15 hacking campaigns, seven of which were from Russia, four from China, three from North Korea, and one from Iran.

Meanwhile, Indusface, a TCGF II (Tata Capital) funded SaaS security application, said in its report that there were upwards of a million cyberattacks of various types across Indusface’s global healthcare clientele. Of these, 278,000 attacks were reported in India.

Globally, cyberattacks against the healthcare industry rose by 95.35 percent in the first four months of 2022 compared to the same period in 2021. The pandemic has pushed the healthcare industry to optimise itself digitally and move to the cloud. However, that also exposes it to higher risks and renders it more vulnerable.