Two weeks after a cyber attack crippled the servers at the All India Institute of Medical Sciences (AIIMS), the system has not been completely restored, as investigators anticipate more damage if it is linked to the Internet. The ransomware attackers changed the file extensions on all the physical servers of AIIMS running the Linux operating system, a probe has found.
A senior government official told The Hindu that, to trace the source of the attack, investigators face the huge task of scanning 11,500 computers with a fine-tooth comb, and that the system will continue to be affected until then.
A First Information Report (FIR) filed by the Special Cell of Delhi Police on a complaint filed by an AIIMS security officer said that the hospital had been subjected to a “deliberate” ransomware attack. The FIR states that one of the officials received three attachments from e-mail users identifying themselves as “dog” and “mouse” seeking a ransom of an unspecified amount. The users told AIIMS officials that they could send a “program and private key” to the IT department of AIIMS to “decrypt the data” and warned the officials not to use third-party software to repair the system as it may lead to permanent data loss.
The FIR added that the “Hospital Information System (HIS) of AIIMS, e-Hospital” provided and managed by the National Informatics Centre (NIC) was down and the last transaction had been recorded at 7.07 a.m. on November 23. The HIS pertains to patient records, including line of treatment.
As soon as the attack was diagnosed, NIC officials reported the incident on the toll-free number of Computer Emergency Response System-India (CERT-IN).
Another government official said the source of the attack is yet to be ascertained amid indications that it could have been launched from one of the neighbouring countries.
“Even if it is a ransomware attack, it is not the policy of the government to pay ransoms. Agencies are probing the incident and it [the HIS] will be restored soon,” said the official.
The official added that the cyber system at AIIMS was prone to breach without adequate firewalls and safety features in place.