AIIMS Ransomware Attack

The All India Institute of Medical Sciences (AIIMS), Delhi announced an IT outage on November 23 because of a major ransomware attack. The AIIMS servers have been down for more than six consecutive days.

About the cyberattack

  • The ransomware attack caused an outage of the AIIMS e-hospital system, affecting digital hospital services including smart labs, billing, report generation and the appointment system.
  • It exposed hospital records of some 40 million patients of AIIMS, including former prime ministers, ministers, bureaucrats and judges.
  • The exploited AIIMS database may have contained Private Personal Information (PPI) relating to healthcare workers, blood donors, ambulances, vaccination and caregivers, as well as employee login credentials.
  • The hackers have allegedly demanded around Rs. 200 crore in cryptocurrency from AIIMS.
  • The cyberattack comes at a time when AIIMS is planning to fully implement the e-hospital system by 2023 as part of its transition to a paperless hospital.
  • The e-hospital system was developed by the National Informatics Centre (NIC). It is a hospital management information system (HMIS), hosted on the MeghRaj national cloud, that digitizes internal workflows and processes. It serves as a single digital platform that connects hospitals, patients and doctors.

How did AIIMS Delhi respond to the attack?

Soon after the cyberattack, AIIMS Delhi shifted to manual operations. However, it struggled to cater to patients who do not have a unique health ID and to handle patient admissions and discharges. AIIMS is currently managing some 2,500 beds. Additional staff have been deployed to run diagnostics, labs and OPD services until the e-hospital system is back online.

AIIMS Delhi also sought assistance from the National Informatics Centre (NIC) and the Indian Computer Emergency Response Team (CERT-In) to restore its digital services. The cyberattack was also reported to the Delhi Police, which filed an FIR for cyber-terrorism, computer-related fraud and extortion against the unidentified persons responsible for the ransomware attack. The incident is also being investigated by the Intelligence Bureau, the Central Bureau of Investigation, the Ministry of Home Affairs, and the National Investigation Agency.

AIIMS had also planned to procure four new servers from the Defence Research and Development Organisation (DRDO) so that it could resume the e-hospital facility. These servers will be used for the OPD, IPD, and emergency ward of AIIMS, Delhi. They will help generate bills, UHID cards and lab reports.
