Ransomware attackers allegedly demand ransom from AIIMS: police deny report

A hacker has allegedly demanded Rs 200 crore in cryptocurrency from the All India Institute of Medical Science (AIIMS) after it was hit by a ransomware attack on November 23, according to a report by Press Trust of India (PTI).

The Delhi police, however, have denied the report. In a Tweet on Monday night, the law enforcement agency wrote, “Some sections of the press are reporting that ransom has been demanded against restoration of @aiims_newdelhi server. No such information brought to notice by AIIMS authorities.” 

AIIMS was hit by a ransomware attack on its hospital management system on Wednesday morning, after which the hospital was forced to operate in manual mode. Patient care services in the emergency, outpatient, inpatient and laboratory wings have been severely impacted by the attack. 

On Thursday, the hospital also said that birth and death certificates would be made manually on physical forms.  

It is estimated that the data of about 3 crore to 4 crore patients could have been compromised due to the attack. This also includes data on former prime ministers, ministers, and judges. 

Network sanitization process to continue

Meanwhile, a network sanitization process is in progress at the hospital. “The full sanitisation of the network is likely to continue for five more days,” the PTI reported, quoting an official source. 

After the process is completed, the e-hospital services will be rolled out in a phased manner. 

Antivirus solutions have been put in place for servers and computers. The antivirus technology has been installed on nearly 1,200 out of 5,000 computers. Twenty out of 50 servers have been scanned and this activity is ongoing continuously, seven days a week, the source informed PTI. 

The application servers for the e-hospital and the National Informatics Centre (NIC) e-hospital database have been restored. Scanning and cleaning of infection from other e-hospital servers located at AIIMS is underway. The data restoration and sanitization process is taking time due to the volume of data and the large number of servers for hospital services. Measures are being taken for cybersecurity, AIIMS said in a statement on Monday. 

Four physical servers arranged for restoring e-hospital services have been scanned and prepared for the databases and applications, PTI reported. 

Earlier, AIIMS had said that support is being sought from the India Computer Emergency Response Team (CERT-In) and NIC to restore the digital services. 

Investigations are underway 

On November 25, the Intelligence Fusion and Startegic operations unit of the Delhi police registered a case of extortion and cyber terrorism releated to the AIIMS breach.

The Ministry of Home Affairs, CERT-In and Delhi police are investigating the attack. On the recommendation of the investigating agencies the internet services at the hospital have been blocked, PTI reported. The National Investigation Agency (NIA) has also joined the ongoing investigation. 

The hospital authorities have suspended two system analysts. They have also been served show-cause notices for alleged dereliction of duty, according to a report by MoneyControl. 

AIIMS is a multi-speciality research university and hospital that is visited by thousands of patients from across the country. It operates autonomously under the Ministry of Health and Family welfare.

Since the servers have been down the footfall at the hospital has increased. “In the last three days, we have attended to almost 12,000 patients on a daily basis—which is even more than earlier since the patients are not required to take an appointment,” Dr D K Sharma, medical superintendent, said.