The “attack on the computer system” of the All India Institute of Medical Sciences in Delhi “originated from China”, government sources said on Wednesday, assuring that the data details of lakhs of patients at the premier hospital have now been retrieved.
“AIIMS Delhi server attack” was by the Chinese, FIR details that the attack had originated from China. Of 100 servers (40 physical and 60 virtual), five physical servers were successfully infiltrated by the hackers. The damage would have been far worse but is now contained. Data in the five servers have been successfully retrieved, according to Moneycontrol.
The All India Institute of Medical Sciences, Delhi allegedly faced a cyber attack last month, paralysing its servers. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25. Two of the analysts deployed to look after the servers’ securities have also been suspended for the alleged breach of cyber security. In a ransomware attack, cybercriminals lock access to data or a device and promise to unlock it after they are paid the desired ransom.
AIIMS authorities in a statement issued stated that the hospital data has been restored. “The hospital data has been restored on the servers. The network is being sanitized before the services can be restored. The process is taking some time due to the volume of data and a large number of servers/computers for the hospital services. Measures are being taken for cyber security,” they said.
“All hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode,” the statement said. Earlier this month, a special cell of Delhi Police launched an investigation into the attack on the computer system at AIIMS Delhi.
According to official sources, a team of the Central Forensic Lab (CFSL) has been pressed into service to check the infected server of the AIIMS Delhi to identify the source of the malware attack.
“It is clearly a conspiracy and it has been planned by forces that are pretty significant. It is a sophisticated ransomware attack. We will wait for the outcome of CERT-IN (Computer Emergency Response Team) and NIA (investigations) before we come to conclusion on who is behind the ransomware attack,” Minister of State for IT Rajeev Chandrasekhar had said on December 2.
The AIIMS officials told that 50 servers and 5,000 computers have been scanned using antivirus software to check if systems were bugged beforehand.
A high-level NIA team along with the India Computer Emergency Response Team (CERT-IN), Delhi Police and the ministry of home affairs are investigating the ransomware attack.
The cyber hackers also tried to attack the Indian Council of Medical Research’s (ICMR) website more than 6,000 times in a span of 24 hours on November 30.
The cyber attack was attempted on the ICMR website from a Hong Kong-based blacklisted IP address, 103.152.220.133.
“The attackers were blocked, they couldn’t succeed. We have alerted the team about it. If the firewall had some loopholes, then the attackers might have succeeded in breaching the security of the website,” a National Informatics Center official told Moneycontrol.
