AIIMS Cyberattack: Main Servers May Have Been Attacked by ‘Foreign State Actor’

New Delhi: The preliminary investigation into the cyberattack on some of the servers at the All India Institute of Medical Sciences (AIIMS) in Delhi has found that the hack originated from another country, and could possibly have involved “a foreign state actor” according to a report in The Indian Express.

The cyber incident that took place last month brought the online management system of the institute to a halt and raised concerns over the data of crores of patients being compromised, including that of high-profile political personalities.

The Indian Computer Emergency Response Team (Cert-in) within the Ministry of Electronics and Information Technology, Delhi cybercrime special cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation, National Forensic Sciences University, National Critical Information Infrastructure Protection Centre, and National Investigation Agency, etc. are investigating the cyber attack.

According to reports, Cert-In, the country’s premier cybersecurity agency, is learnt to have concluded its initial investigation into the cyberattack, including the diagnosis of the hack and preliminary identification of the actors involved in it.

A senior Government official told The Indian Express, ‘the origin of the cyberattack is from outside of India, and the initial investigation by Cert-In points to the possibility of the involvement of a foreign state actor.”

As per CERT-In’s preliminary diagnosis, the cyberattack was the result of an “unorganised ICT (information and communications technology) network without centralised monitoring or system administration”. This means the infected devices were connected to each other and the data on all of them could be accessed from every connected device — and no team was monitoring who was accessing these systems.

Meanwhile, Delhi AIIMS is currently working on devising a cyber security policy for the hospital and other wings with guidance from investigating agencies as its servers remained down following the ransomware attacks. Recommendations have been sought from the investigating agencies in this regard.  Besides, a Chief Information Security Officer (CISO) is being appointed on an ad hoc basis for emergency cyber security measures to be taken at AIIMS here to restart the e-Hospital services and prevent such incidents in the future.

“The e-Hospital data has been restored on the servers. The network is being sanitised before the services can be restored. The process is taking some time due to the volume of data and a large number of servers and computers for the hospital services. Measures are being taken for cyber security,” the institute said in a statement Wednesday.

While AIIMS had earlier said the data has been restored, a number of its systems continue to be offline.