AIIMS cyber attack: At least five servers infected, have data of 3-4 crore patients

Two systems analysts are learnt to have been suspended on Monday for not responding to phone calls and not attending an emergency meeting on November 23, when the cyber attack took place.

https://indian-express-develop.go-vip.net/article/cities/delhi/aiims-ransomware-attack-services-hit-8285901/

At least five servers at the All India Institute of Medical Sciences (AIIMS) have been infected by the cyber attack which has disabled online services at the premier hospital for a week now.

Top government sources told The Indian Express that AIIMS-Delhi has 40 physical servers and 100 virtual servers. “Of these, five servers have been infected as a result of the cyber attack,” said sources.

Also Read | Amid cyber attack, AIIMS seeks a helping hand from DRDO

Sources said the five servers hosted data of approximately 3-4 crore patients, but added that reports of patient data being stolen had “no factual basis”.

Story continues below this ad

Meanwhile, two systems analysts are learnt to have been suspended on Monday for not responding to phone calls and not attending an emergency meeting on November 23, when the cyber attack took place.

The duo were issued showcause notices on November 24, and told to file their written replies the same evening. The showcause notice issued to one of the analysts, who is learnt to have been on leave at the time, mentioned that the official was contacted on phone, but did not respond. The notice, seen by The Indian Express, said a text message was also sent to him, but he did not turn up for the emergency meeting on the night of November 23.

Sources said the second showcause notice was similar in content.

While hospital services have been operating in manual mode since the cyber attack, a team of experts from the Indian Computer Emergency Response Team (CERT-in) and National Informatics Centre (NIC) are working on restoring digital services.

Story continues below this ad

Significantly, sources said that besides the servers, the AIIMS network and its computers are “also vulnerable”. Therefore, following the advice of CERT-in, AIIMS internet and AIIMS intranet have been discontinued and “their vulnerabilities are being addressed”, said sources.

“AIIMS has about 10,000 computers and not all of them have updated anti-virus applications. This is also being addressed,” sources said.

The restoration of servers is taking longer than expected as it is a highly technical job that involves three broad steps, said sources. First, the five infected servers have to be verified. Second, they will then have to be restored. Third, the data backed up on the five infected servers, which has been transferred elsewhere, has to be restored “on the rectified servers”.

“The eHospital data has been restored on the servers. Network is being sanitised before the services can be restored. The process is taking some time due to the volume of data and large number of servers/ computers for the hospital services. Measures are being taken for cyber security,” AIIMS said in a statement on Tuesday, adding that “all hospital services, including out-patient, in-patient, laboratories etc continue to run on manual mode”.

Story continues below this ad

The National Investigation Agency (NIA) sent a team to AIIMS on November 25. Besides CERT-in and NIC teams, a team from the Defence Research and Development Organisation (DRDO) is also looking into the matter, said sources. The Delhi Police, Intelligence Bureau, Central Bureau of Investigation and the Ministry of Home Affairs (MHA) are also probing the incident.

Kaunain Sheriff M

Kaunain Sheriff M is an award-winning investigative journalist and the National Health Editor at The Indian Express. He is the author of Johnson & Johnson Files: The Indian Secrets of a Global Giant, an investigation into one of the world’s most powerful pharmaceutical companies. With over a decade of experience, Kaunain brings deep expertise in three areas of investigative journalism: law, health, and data. He currently leads The Indian Express newsroom’s in-depth coverage of health. His work has earned some of the most prestigious honours in journalism, including the Ramnath Goenka Award for Excellence in Journalism, the Society of Publishers in Asia (SOPA) Award, and the Mumbai Press Club’s Red Ink Award. Kaunain has also collaborated on major global investigations. He was part of the Implant Files project with the International Consortium of Investigative Journalists (ICIJ), which exposed malpractices in the medical device industry across the world. He also contributed to an international investigation that uncovered how a Chinese big-data firm was monitoring thousands of prominent Indian individuals and institutions in real time. Over the years, he has reported on several high-profile criminal trials, including the Hashimpura massacre, the 2G spectrum scam, and the coal block allocation case. Within The Indian Express, he has been honoured three times with the Indian Express Excellence Award for his investigations—on the anti-Sikh riots, the Vyapam exam scam, and the abuse of the National Security Act in Uttar Pradesh. ... Read More

Stay updated with the latest - Click here to follow us on Instagram