AIIMS Cyber Attack

AIIMS confirmed on November 23rd that it was the victim of a ransomware attack. Data and personal details of millions of patients were encrypted. CERT-In found that no security policies had been defined and that the cyber infrastructure was not maintained by the AIIMS IT security team; the firewall and network were not monitored.

On November 23, users noticed they could not access a critical application that handles appointments, holds patient records, and stores reports from diagnostic tests conducted by the hospital. Five servers of the All India Institute of Medical Sciences (AIIMS) were compromised, and it is feared that the ransomware attack may also have exposed the data of 3–4 crore patients.


The FIR stated that after two encrypted mails, there was a message: “what happened, your files are encrypted, all files are protected by a strong encryption with RSA-2048, there is no public decryption software, what is the price to repair, the price depends on how fast you can pay to us, after receiving money, we will send program and private keys to your IT department right now, do not attempt to decrypt your data after using third party software, this may result in permanent data loss, our program can repair all files in few minutes and all servers will work perfectly same as before, free decryption as a guarantee, you can send us up to three free decrypted files before ” (source: Indian Express)

For the past 30 years, the All India Institute of Medical Sciences (AIIMS) has not improved its computer and IT infrastructure. Before the attack, medical records were being maintained on outdated hardware, outdated software, and outdated versions of the Windows operating system.


According to sources, “dog2398” and “mouse63209” are two ProtonMail addresses of the attackers, found in the headers of the encrypted files. During the initial inspection by CERT-In, four servers were found to be compromised: two application servers, one database server, and one backup server.


What is Ransomware?

Ransomware is a form of malware (often loosely called a virus) that prevents or restricts users' access to their systems, either by locking the system's screen or by encrypting the users' files, and demands a ransom to restore access. Modern ransomware families, commonly known as crypto-ransomware, encrypt particular file types on compromised systems and demand that users pay a ransom through specific payment methods to receive a decryption key.


The Indian Council of Medical Research (ICMR) also reported that it faced 6,000 attack attempts in 24 hours on 30 November. The attacks failed because there were no vulnerabilities in the ICMR server firewall. According to CloudSEK, the number of cyberattacks on the global healthcare industry increased by 95.3% in the first four months of 2022 compared to the same period in 2021.


Cyber attacks on the Indian healthcare system are not new; AIIMS was also hacked in 2017. Securing users' data and keeping it private and safe should be the priority. Under the Ayushman Bharat Digital Mission, India is going paperless, and the cyberattacks on AIIMS and ICMR are a wake-up call.

