New Delhi: Delhi Police on Thursday filed an FIR for cyber terrorism and extortion to begin probing the hacking of AIIMS servers by foreign-based players. Multiple probe agencies have been roped in to recover the systems. This is the most significant ransomware cyber attack on a reputed medical institution in recent times. Services are still down at AIIMS and the hospital is running in manual mode.
The extortion amount has not been disclosed yet, and the hackers have reportedly left a ProtonMail address for AIIMS to contact them if it wants to recover its systems and decrypt files, sources said. Prima facie, it appears that a weak firewall and outdated systems, along with the lack of cloud-based servers, made the attack, most probably by Chinese hackers, possible.
This is being considered a serious security breach as well because a majority of cabinet ministers and top politicians avail treatment at AIIMS. It is, however, unclear if any significant research or health data has been stolen as of now.
According to a Delhi Police spokesperson, an FIR was filed on Thursday in connection with the “computer incident” on the complaint of the security officer at AIIMS. “The FIR has been registered under 66F (cyber terrorism) and 66 (computer related fraud) of the Information Technology Act and section 385 (extortion) at IFSO, special cell. The matter is being investigated,” said the spokesperson.
Sources said that CERT-In (Indian Computer Emergency Response Team) and NIC (National Informatics Centre) have been assisting the cyber unit of Delhi Police’s special cell in resolving the issue. CERT-In and NIC are offices within the ministry of electronics and information technology. The former is the nodal agency for dealing with cyber security threats, while the latter provides IT infrastructure as well as IT consultancy and services to central and state government departments.
NIC had earlier conveyed to the AIIMS administration that this was a ransomware attack. “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption,” an official explained.
On Wednesday, the server for the National Informatics Centre’s eHospital system used at AIIMS, Delhi, was reported as ‘down’, which affected outpatient and inpatient digital hospital services, including smart lab, billing, report generation and the appointment system.
“Measures are being taken to restore the digital services and support is being sought from CERT-In and NIC. AIIMS and NIC will take due precautions to prevent future such attacks,” the hospital administration has said.