AIIMS Delhi server facility resumes 2 weeks after ransomware attack

According to officials, the AIIMS facility will be fully operational in the coming days. Some registrations at the new Rajkumari Amrita Kaur (RAK) OPD and trauma centre have already been completed via the server.

According to official sources on Tuesday, the online appointment system is still down, and laboratory services are still being run manually. However, new patients visiting the OPD at AIIMS in Delhi can now register online.
They claimed that the servers of the city’s top hospital were essentially down for most of the day.

According to an official source, the integration of the intelligent lab is being worked on for samples collected from all wards and collection areas for automated analysis and reporting. Organizations such as CERT, BEL, and DRDO are on the ground assisting with the rollout. “The registration and admission processes for the outpatient department (OPD) were brought online in the e-Hospital system yesterday (Monday),” the source said.

According to sources, the All India Institute of Medical Sciences in Delhi was subjected to a cyber attack on November 23 that rendered its servers inoperable. The Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) division has filed an extortion and cyberterrorism case.

According to sources, internet services were restricted following the investigation agencies’ recommendations.

CERT-In, the Delhi cybercrime special cell, the Indian Cybercrime Coordination Centre, the Intelligence Bureau, the Central Bureau of Investigation, the National Investigation Agency, and others are investigating the incident.

According to information provided by AIIMS authorities last week, the e-Hospital data had been restored on the servers. They claimed the network was being cleaned before the services could be resumed.

The process took time due to the amount of data and the numerous servers and computers. According to AIIMS, steps are being taken to ensure cyber security.

The National Informatics Centre’s (NIC) eHospital system at AIIMS uses 24 servers for various hospital modules, and four of these servers—the primary and secondary database servers of eHospital, the primary application server, and the primary database server for the laboratory information system (LIS)—were infected with ransomware, according to official sources.

Later, the elastic search virtual server was found to contain ransomware. They claimed that all infected servers had been isolated.

Backups of the LIS and eHospital databases were taken and scanned on external hard drives. Four new physical servers, including two from outside organizations, were set up to restore the eHospital applications.

These applications (eHospital and LIS) and databases have been restored on these four new servers, which have been scanned and have access to the data. According to official sources, these servers are located in the computer facility and are part of a separate network.

On these four servers, the firewall and checkpoint have been configured. Four more NIC application servers were scanned. Viruses were discovered on two of these servers.

Three new servers were purchased through NICSI. The NIC has set up eight virtualized servers and a sub-replica 2 in the Centre for Dental Education and Research (CDER), AIIMS, where the eHospital backup was previously restored. NICSI delivered two more servers to us today.

According to the sources, the affected servers were physically removed from the server room as directed by the Delhi Police.

The organizations working to recover the servers include CERT, BEL, and DRDO.

The cyberattack on the AIIMS serves as a wake-up call for national security.

Such attacks have privacy and security implications, emphasizing the importance of developing and implementing a national cyber security strategy.

A major cyberattack crippled the country’s premier medical institute, the All India Institute of Medical Sciences (AIIMS), New Delhi, on November 23 of this year. The majority of its servers, as well as the National Informatics Centre’s (NIC) eHospital network, ceased to function.

All operations, including those in the emergency, outpatient, inpatient, and laboratory wings, had to be managed manually. This continued for more than a week while most of the institute’s servers were cleaned up and restored after the impacted servers were discovered.

The Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) unit, which opened an extortion and cyberterrorism case on November 25, denied that AIIMS had reported a demand for Rs 200 crores in cryptocurrency, as is typical of a ransomware attack. As a result, determining the cause of the attack and reviewing cyber security readiness across organizations and systems become more critical.

Cyber attacks on medical institutions are becoming more common as hackers and criminal gangs realize how reliant these institutions are on digital systems to store and manage vast amounts of patient data, including their reports, and to manage medical functioning optimally.

The pandemic has marked a watershed moment in this trend. In this situation, both security and privacy concerns emerge. Because of this, the majority of nations classify the health and medical industries as critical information (CI) infrastructures.

Even though health is not specifically listed as a CI in India, organizations such as AIIMS New Delhi may be considered “strategic and public enterprises” because they care for millions of patients, including top government officials, and treat approximately 38 lakh patients per year.

It also manages and stores highly sensitive medical research data. Because the information available here is more valuable than even oil, it is an obvious target for cybercriminals and those seeking ransom. The critical question is whether the system’s tens of thousands of servers and other devices were managed under the highest cyber security standards, and whether solutions and disaster recovery plans were in place.

Did the CERT-In-mandated cyber network audits also show that everything was in order? Did AIIMS maintain a standard of cyber hygiene comparable to what it would expect its patients to keep in the real world?

Such attacks are typically carried out by ransom-seeking entities, which encrypt data in order to prevent networks from functioning. Demands are sent to organizations, which are frequently negotiated and paid without informing law enforcement.

In this case, both the NIC and AIIMS reported the outage on the first day, bringing it to public attention. Since then, a number of agencies, including the Delhi Police, have joined forces to investigate the incident and try to find the perpetrators, as well as recover and restore the networks. The Delhi Police used the provisions of section 66(F) of the Information Technology Amendment Act 2008 to classify this incident as a case of cyber terrorism, which is significant and suggests a much broader scope than a typical ransomware case.

The fact that the AIIMS servers held vital health information for several people in charge of the nation’s government cannot be ignored. The attack could have had a much deeper purpose than simply demanding ransom. Cyberattacks on critical infrastructure have national security implications as well.

While this incident serves as another reminder for businesses of all sizes to strengthen their cyber security protocols, it is also critical to advance and publicize the national cyber security strategy first mentioned by the prime minister a few years ago. This strategy will also serve as a road map for inspiring and monitoring institutes’ level of cyber readiness and building their capacity in areas such as forensics, precise attribution, and collaboration.

Various ministries must allocate significant budgets to ensure that cyber security measures are not the last priority. To address increasingly sophisticated threats and attacks, the National Critical Information Infrastructure Protection Centre (NCIIPC) and CERT-In must be strengthened, and sectoral CERTs for many industries, including the health sector, must be established. Stronger international cooperation is required to combat cyberattacks, in addition to the Group of Governmental Experts (GGE) meetings and the 37-nation Counter Ransomware Initiative (CRI) led by the United States.
