The IFSO unit of Delhi Police has registered a complaint against unknown persons, based on a complaint filed by the premier medical institute's Assistant Security Officer, the police said. The cyberattack has affected basic daily operations, such as appointments, patient registrations, admissions and billing systems, at one of the biggest state-owned hospitals. "With the server being down, the outpatient and inpatient digital hospital services, including smart lab, billing, report generation and appointment system, among others, have been affected," AIIMS said in a statement.
‘Chinese connection’ likely
“Prima facie, it appears that a weak firewall and outdated systems, apart from lack of cloud-based servers, made the bid, most probably by Chinese hackers, possible,” say officials. Information on whether any significant research or health data has been stolen is not yet available.
AIIMS officials have confirmed that this was a ransomware attack, a type of cyberattack in which the attacker deploys malicious software on the victim’s systems that encrypts the data. The attacker then asks for a “ransom” to restore access for the victim.
The AIIMS Delhi server had been malfunctioning since 7 am yesterday. In the evening, the hospital said in a statement that the National Informatics Centre was working to restore the system and "has informed that this may be a ransomware attack... (which) will be investigated by the appropriate authorities".
"AIIMS and NIC will take precautions to prevent such future attacks," the hospital said in a statement. Ransomware is malicious software designed to deny a user or organisation access to files on their computer. In most cases, cyber attackers demand a ransom to allow access to the files.
NIC, CERT-In helping to restore services
AIIMS reported the massive cyberattack on Wednesday (November 23) and said that all patient care services have been badly impacted since 7 am. The hospital authorities confirmed that the server for the National Informatics Centre's eHospital, which the hospital uses, is down. The National Informatics Centre (NIC), along with CERT-In, is helping in the restoration of services.
Citing sources, a media report said that the hackers have not yet disclosed the extortion amount. Furthermore, the attackers have reportedly given a ProtonMail address for the authorities to contact them in order to recover system data and decrypt files. They have reportedly modified the extensions of infected files.
Following the cyberattack, admission, discharge and transfer are being done manually at AIIMS. Furthermore, death/birth certificates are being manually prepared, as per instruction from the working committee.