With the recent cyber-attack on AIIMS, the nation’s prime healthcare institution, causing a 15-day outage, the threat to the country has never been more alarming. Join us as we investigate the All India Institute of Medical Sciences (AIIMS) Delhi security breach, examining its many facets and identifying key factors. According to the Computer Emergency Response Team (CERT-In*): “Improper network segmentation by unauthorized entities caused server compromise, as a matter of fact, resulting in critical application non-functionality.” Apart from the official report by CERT-In, the following details of the attack came to public light:
- According to Business-Standard, out of 100 servers (40 physical and 60 virtual), 5 physical servers were successfully compromised by hackers.
- The Wire reported that 1.3 terabytes of data were encrypted during the attack.
- CNBC also stated that the data of approximately 3-4 crore patients, including information of VIPs, politicians, and celebrities, is feared to have been exposed due to the breach.
- Business Today reported that the hackers demanded a ransom of ₹ 200 Crore and the server remained offline for 6 days.
What Went Wrong?
A Preliminary Analysis of the Delhi AIIMS Cyber Attack
1. Existing Systems Were Already Vulnerable
According to concerned officials at the National Informatics Center (NIC*), the AIIMS has not undergone system upgrades for the past thirty years. The facility operated with outdated equipment, software, and an obsolete version of Windows.
2. Threat Actors Gained Unauthorized Access
Hackers gained insight into network usage and vulnerabilities, including potentially sensitive information and saved passwords. They used compromised credentials of employees and patients that were available on the dark web.
3. The Failure of Legacy Networks
AIIMS outsourced digital and IT network solutions for its new blocks to Inspira Enterprise Pvt Ltd. However, this engagement did not cover the upgradation of the older networks, leaving them vulnerable to cyber attacks.
4. The Paradox: Was it a Ransomware Attack or a Data Breach?
The motives behind the cyber-attack were ambiguous, making it challenging to respond to the threat actors. The hackers may have used the ransom demand as a cover to mislead investigators. Some speculate that the hackers’ primary goal was to obtain the health records of important individuals, and that the ransom demand was a guise to conceal their true intentions.
Impact on Hospital Operations:
- The investigating agencies recommended blocking internet services.
- The entire digital system collapsed, and the operations shifted to manual mode.
- The attack affected the hospital’s outpatient and inpatient digital services, including smart laboratory, billing, report generation and the appointment system.
- The teams manually prepared death/birth certificates.
- The disruption caused delays in hospital operations, and hence queues at the hospital grew even longer and more chaotic.
- Poor and sick patients from remote areas suffered the most.
- The cyberattack managed to cripple AIIMS Delhi’s operations for nearly two weeks.
As the AIIMS cyber-attack serves as a wake-up call for India’s cyber security posture, it is imperative that government and business leaders work together to rethink their level of cybersecurity preparedness, especially as attackers are using more sophisticated methods. AIIMS, being a state-operated institution, received an immediate response from top investigation agencies; this raises a question: who will assist privately run organizations?
Progressive Infotech works with your organization to identify vulnerabilities. We can develop a resilient IT security strategy to secure your business operations. A Next Gen SIEM-driven 24×7 Security Operations Center drives our cybersecurity services and support, and simultaneously detects, responds and remediates in case of a cyber-attack.
Let’s Talk Cyber Security with Progressive Infotech
References:
*NIC: National Informatics Centre (NIC), under the Ministry of Electronics and Information Technology (MeitY), is the technology partner of the Government of India. NIC provides technology-driven solutions to Central and State Governments.
*CERT-In: The Information Technology Rules, 2013 assign CERT-In as the mandatory reporting agency for Indian data centers, service providers, and intermediaries.
Note: These deductions are drawn from the data and information we have accumulated from publicly accessible sources as of February 2nd, 2023. Although initial deductions have been made, they may be subject to change as new information emerges. As the breach is still under investigation by CERT-In, the conclusions drawn may differ from the current understanding once the investigation results are made public.