With the recent cyber-attack on AIIMS, the nation’s prime healthcare institution, causing a 15-day outage, the threat to the country has never been more alarming. Join us as we investigate the All India Institute of Medical Sciences (AIIMS) Delhi security breach, examining its many facets and identifying key factors. Improper network segmentation by unauthorized entities caused server compromise, as a matter of fact, resulting in critical application non-functionality. – According to the Computer Emergency Response Team (CERT-In*). Apart from the official report by CERT-In, following details of attack were in public light:
- According to Business-Standard, out of 100 servers (40 physical and 60 virtual), 5 physical servers were successfully compromised by hackers.
- The Wire reported that 1.3 terabytes of data were encrypted during the attack.
- CNBC also stated that the data of approximately 3-4 crore patients, including information of VIPs, politicians, and celebrities, is feared to have been exposed due to the breach.
- Business Today reported that the hackers demanded a ransom of ₹ 200 Crore and the server remained offline for 6 days.
What Went Wrong?
A Preliminary Analysis of the Delhi AIIMS Cyber Attack
1. Existing Systems Were Already Vulnerable
The AIIMS has not undergone system upgrades for the past thirty years, as indicated by concerned officials at the National Informatics Center (NIC*). Moreover, the facility operated with outdated equipment, software, and an obsolete version of Windows.
2. Threat Actors Gained Unauthorized Access
Utilizing compromised credentials of employees and patients available on the dark web, hackers gained insight into network usage and vulnerabilities. Consequently, this unauthorized access included potentially sensitive information and saved passwords.
3. The Failure of Legacy Networks
AIIMS outsourced digital and IT network solutions to Inspira Enterprise Pvt Ltd. They did this for new blocks of AIIMS. However, they did not cover the upgradation of older networks furthermore leaving them vulnerable to cyber attacks.
4. The Paradox: Was it a Ransomware Attack or a Data Breach?
The motives behind the cyber-attack were ambiguous, making it challenging to respond to the threat actors. Some speculate that the hackers’ primary goal was to obtain health records of important individuals, and they may be using the ransom demand as a cover to mislead investigators, thereby employing it as a guise to conceal their true intentions.
Impact on Hospital Operations:
- The investigating agencies recommended blocking internet services.
- The entire digital system collapsed, and the operations shifted to manual mode.
- The attack, consequently, affected various digital services of the hospital, such as smart laboratory, billing, report generation, and the appointment system, both for outpatient and inpatient purposes.
- The teams manually prepared death/birth certificates.
- The disruption caused delays in hospital operations and hence queues at the hospital grew even longer and more chaotic.
- Poor and sick from remote areas suffered the most.
- The cyberattack managed to cripple AIIMS Delhi’s operations for nearly two weeks.
The AIIMS cyber-attack is a wake-up call for India’s cyber security. Government and business leaders must rethink cybersecurity preparedness. Attackers use more sophisticated methods. Who will assist privately run organizations?
Progressive Infotech works with your organization to identify vulnerabilities. We can develop a resilient IT security strategy to secure your business operation. A Next Gen SIEM Driven 24×7 Security Operations Center drives our cybersecurity services and support and simultaneously detect, respond and remediate in case of a cyber-attack.
References:*NIC: National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology (MeitY) is the technology partner of the Government of India. NIC provides technology-driven solutions to Central and State Governments*CERT-In: The Jurisdiction of Information Technology Rules, 2013 assigns CERT-In as the mandatory reporting agency for Indian data centers, service providers, and intermediaries.
Note: These deductions are drawn from the data and information we have accumulated from publicly accessible sources as of February 2nd, 2023. While initial deductions have been made, the possibility of changes exists as new information emerges. CERT-in is currently investigating the breach, and the conclusions drawn may differ from the current understanding once the investigation results become public.