AIIMS medical records of VIPs unlikely to have been compromised by hackers
breached contain records related to registration, admission summary, discharge summary, and all details attached to the Unique Health Identification (UHID) number, including mobile and Aadhaar details of the patient. Medical research and clinical data of AIIMS, too, are likely to have been impacted.
Control of the compromised servers is likely to be regained by the Indian authorities by this weekend, and normal work is likely to resume by 5 December. According to the authorities, while the attack was discovered on 23 November, it was very much possible that the systems had been infected for a longer time and that the hackers decided to make the attack known to the hospital authorities only after they had stolen the data they believed they needed to put pressure on the Indian government.
According to a cyber expert who has investigated cyberattacks originating from Pakistan and China in the past, the ransomware group involved in the recent incident has likely exfiltrated sensitive data with the aim of selling it on underground forums. According to him, such ransomware extortion operations require a lot of time to be spent on the victim server, and they should have been detected much earlier.
The hackers stole the information and then encrypted the servers and endpoint systems, for which they are demanding ransom money. AIIMS officials, under the new director, M. Srinivas, who is making waves by bringing a pro-people approach to the hospital, have ordered that, in the wake of the recent “cyberattack”, no router will be connected to the AIIMS network and no computer on the AIIMS LAN will use a hotspot. All computers connected to the AIIMS network are being formatted. As per publicly available information, AIIMS runs on 40 physical servers and 100 virtual servers.