The AIIMS Delhi server attack that jeopardised data was by Chinese firms, government sources said. Details in an FIR related to the case showed that the attack originated in China.
Of the 100 servers (40 physical and 60 virtual), five physical servers were successfully infiltrated by the hackers, they added.
“The damage would have been far worse but now contained. Data in the five servers have been successfully retrieved now,” the sources said.
An official from AIIMS told Moneycontrol that 4-5 servers from the hospital were confiscated by National Intelligence Agency (NIA) officials. Further, a robust cybersecurity system for the future is currently being installed in all the operating systems of AIIMS.
Moneycontrol reached out to Delhi police's special cell, which is also part of the investigation team for details of the FIR, but the officials didn't respond.
An AIIMS official in the know said the gradual resumption of online facilities for patients started on the campus.
"The online appointment facility along with spot registration has begun in a phased manner, but the ward and admission co-ordinations have not started," said the official.
Also read : After AIIMS, hackers attack ICMR website 6,000 times in a day
The online facility for pathology labs was yet to start, the official added.
Earlier, two system analysts working at AIIMS Delhi were suspended after a ransomware attack crippled the online operations of one of India's most prestigious hospitals.
The suspended analysts were earlier given the show cause notice.
The AIIMS officials told Moneycontrol that 50 servers and 5,000 computers have been scanned using antivirus software to check if systems were bugged beforehand.
Also read: AIIMS ransomware attack: Two system analysts suspended as officials scan 50 servers, 5K computers
A high-level NIA team along with the India Computer Emergency Response Team (CERT-IN), Delhi Police and the ministry of home affairs are investigating the ransomware attack.
The cyber hackers also tried to attack the Indian Council of Medical Research’s (ICMR) website more than 6,000 times in a span of 24 hours on November 30.
The cyber attack was attempted on the ICMR website from a Hong Kong-based blacklisted IP address, 103.152.220.133.
“The attackers were blocked, they couldn't succeed. We have alerted the team about it. If the firewall had some loopholes, then the attackers might have succeeded in breaching the security of the website," a National Informatics Centre official told Moneycontrol.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
