#NewsBytesExplainer: The cyberattack that stunned AIIMS Delhi and its aftermath
What's the story
Life has come to a standstill at India's premier hospital, All India Institute of Medical Sciences (AIIMS), Delhi. The institute has been without internet, and everything is now done manually, all thanks to a cyberattack on Wednesday.
Experts believe that ransomware is behind this first major cyberattack on any medical database in India.
Let's take a look at what went wrong at AIIMS Delhi.
Context
Why does this story matter?
Does the ransomware attack on AIIMS remind you of something? Earlier this year, a software supplier to the UK's National Health Service (NHS) was the target of a ransomware attack that rendered medical services across the country inaccessible.
Cyberattacks on health bodies seem to be on the rise again. Considering the amount of sensitive information at stake, they should be dealt with properly.
Attack
Severs have been down since 7 am on Wednesday
AIIMS Delhi woke up to malfunctioning servers on Wednesday morning. The servers have been down since 7 am on Wednesday, and they aren't up yet.
It was the National Informatics Centre (NIC) that put forth the idea that the attackers may have used ransomware to bring the hospital's servers down.
The NIC has been working on bringing the servers back up since then.
Ransomware
What is ransomware?
Ransomware is malware that uses asymmetric encryption. It employs encryption to hold the victim's information at ransom.
In AIIMS's case, its database is held at ransom, and everyone has been locked out of the database. To get access to the database and servers, attackers demand ransom.
If the user doesn't pay the ransom, typically, the files and associated data will be lost forever.
Down
Routine, emergency, and laboratory services done manually now
At AIIMS Delhi, NIC's e-Hospital is responsible for running the patient data system and day-to-day activities, including OPD registrations and generating blood sample reports, among others. All of these services have been down since Wednesday morning.
Other outpatient and inpatient digital services, including smart lab, billing, report generation, and appointment system, are also down.
All routine, emergency, and laboratory services are being managed manually.
Reason
AIIMS has weak antivirus software and firewalls: Report
One would imagine that the country's best hospital will have the best security in place. AIIMS may have that in the physical space but certainly not in cyberspace.
According to CNN-News18, AIIMS's systems have weak antivirus software and firewalls, making the servers susceptible to an attack.
It seems that neither AIIMS nor NIC paid enough attention to upgrading the security of its systems.
Leaked data
Attacked systems hold confidential data, information about new research
We are unsure about the extent of data that attackers have in their custody. The building where the attacked systems were located catered to VIPs and VVIPs.
As per sources, the systems hold confidential data and information about the latest research and developments.
If this was indeed a ransomware attack, we can expect the attackers to threaten to destroy or leak the data.
Probe
A multi-agency probe is going on
Soon after the attack, the Delhi Police registered a case, which was then transferred to its Intelligence Fusion and Strategic Operations unit.
Now, multiple national agencies are involved in the probe along with the Delhi Police, including the Central Bureau of Investigation (CBI), Intelligence Bureau, and Computer Emergency Response Team (CERT-In).
The Ministry of Home Affairs is also probing the incident.
Data recovery
Main server and first backup server corrupted
The main server and the first backup server are corrupted. The NIC team is now trying to back up the files from the second backup server.
It is a common modus operandi of ransomware attacks to delete or corrupt the backup files to make data recovery harder.
The NIC team has been moving the backup files to external drives.
Meaning
What does this attack mean for India?
The ransomware attack on AIIMS is a warning bell. It tells us that India requires a comprehensive cyber security strategy, as such attacks are on the rise now.
An attack on AIIMS puts the sensitive medical data of millions at risk. The lax security measures by AIIMS and NIC, despite knowing how vulnerable cyberspace is, are something that needs to be looked into.
Protection
How to protect yourself from ransomware attacks?
Cyberattacks are the reality of the world we live in. So, it's better to be prepared to face them.
Organizations should opt for safely managed cloud backups instead of local storage. An in-house cyber expert or a chief information security officer will come in handy during cyberattacks.
Good monitoring applications, regular updates, malware detection tools, and cyber training for employees should be considered essential.