Ransomware attack prompts AIIMS to initiate talks with top IT firms
Even as the country’s top premier medical institute— All India Institute of Medical Sciences (AIIMS) is grappling with one of the biggest cyber-attacks damaging the precious research & healthcare data of millions of patients, the AIIMS authorities have initiated conversations with top government & private IT firms for future management of their computer and IT related work.
“It is the 8th day since the cyber-attack has taken place and damage has already been done. But we do not want to waste time and hence, started discussion with top IT companies as immediate next steps. We will see which firm is capable of doing our IT work and accordingly action will be taken,” said an official at AIIMS requesting anonymity.
Meanwhile, several government agencies National Investigation Agency (NIA), India Computer Emergency Response Team (CERT-IN), Delhi Police, Defence Research and Development Organization DRDO, Intelligence Bureau, Central Bureau of Investigation (CBI) and Ministry of Home Affairs (MHA) are constantly investigation the matter and trying to restore the data.
Asked about the ransomware demand of Rs 200 crore by the hackers, the second official said, “For sure, AIIMS data has been hacked, but as of now, there is no such discussion about the ransom from the hacker during our meeting, however, as a part of their communication, it seems that they are “rookie hackers” who are trying to show their ability and mocking our security features.”
Queries sent to health ministry and AIIMS spokesperson did not respond immediately.
Rahul Sasi, Co-Founder & CEO CloudSEK, a Singapore based cyber security and research firm said, “As per our research, there are some discussions going on dark web related to AIIMS cyber-attack among different hacker groups and they are claiming easy security issues with multiple flaws in AIIMS IT features. But what kind of kind of data and what is the ransom, it is still not figured out.”
Yesterday in statement AIIMS said that the eHospital data has been restored on servers and network being sanitized before services can be restored. Due to large amount of data stored in multiple servers and scanning of over 5000 computers, the process is taking time.
While AIIMS is taking several measures for cyber security, all hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode. The institute sees more than 20,000 per day in OPD.