
Guardians of Health: Unravelling The Cyber Attack on AIIMS

In an age where technology has revolutionised the healthcare industry, safeguarding the sanctity of patient data and the uninterrupted delivery of critical medical services has never been more paramount. The recent cyber attack on the All India Institute of Medical Sciences (AIIMS) serves as a stark reminder of the relentless threats looming in the digital realm. This breach not only compromised the security of one of India's most esteemed healthcare institutions but also put the personal and medical information of countless patients at risk.

In this article, we delve into the harrowing events surrounding the AIIMS cyber attack, exploring the depth of its impact on patient care, the hospital's response, and the lessons it offers about the evolving landscape of healthcare cybersecurity. As we navigate this digital age, where data is the lifeblood of healthcare, understanding the intricacies of this incident becomes crucial not only for the healthcare sector but for anyone concerned about the safety and privacy of their personal information in an increasingly connected world.

All India Institutes of Medical Sciences

The All India Institutes of Medical Sciences (AIIMS) is a group of autonomous government public medical universities of higher education under the jurisdiction of the Ministry of Health and Family Welfare, Government of India. These institutes have been declared by an Act of Parliament as Institutes of National Importance. AIIMS New Delhi, the forerunner institute, was established in 1956 under the administration of Jawaharlal Nehru. Since then, 24 more institutes have been announced.

As of January 2023, twenty institutes are operating and four more are expected to become operational by 2025. Proposals were made for six more AIIMS. It is considered a pioneer health institution of South Asia.

All India Institute of Medical Sciences (AIIMS) is the most coveted medical college and medical research university of India, located in New Delhi. AIIMS has constantly been ranked at the top amongst all other medical colleges of the country. The medical science here is highly advanced, which is the reason why AIIMS as a hospital witnesses so many patients from different corners of the world. It is globally renowned and recognised for its technology-driven approach. This makes AIIMS the dream college for all the medical aspirants of the country. The Institute was established in 1956 in Delhi and now operates in seven more locations across the country, namely Bhopal, Bhubaneshwar, Jhajjar, Patna, Raipur, Rishikesh and Jodhpur. AIIMS offers various best-in-class medical graduation and post-graduation courses.

Why Cybersecurity Is Crucial in the Medical Field

Cybersecurity plays a pivotal role in safeguarding sensitive medical data and patient information in today's interconnected healthcare landscape. Here are several key reasons why it is of paramount importance:

  • Patient Privacy and Trust: Patients entrust healthcare institutions with their most personal and sensitive information, including medical histories, test results, and personal identifiers. Maintaining the confidentiality and privacy of this data is not only a legal requirement but also an ethical obligation. A data breach can erode patient trust and compromise the doctor-patient relationship.
  • Identity Theft and Fraud Prevention: Medical records contain a wealth of information that can be exploited for identity theft and fraudulent activities. Cybersecurity measures such as access controls, encryption, and authentication mechanisms are critical in preventing unauthorised access and misuse of patient data.
  • Medical Integrity and Safety: Cyberattacks can tamper with patient records and treatment plans. Manipulating medical data could lead to incorrect diagnoses, inappropriate treatments, or even life-threatening consequences. Ensuring the integrity and accuracy of patient information is essential for delivering safe and effective healthcare.
  • Compliance with Regulations: Healthcare institutions are subject to stringent data protection regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in Europe. Non-compliance can result in severe legal consequences, including fines and sanctions.
  • Financial Consequences: Data breaches can have significant financial repercussions, including costs associated with incident response, legal fees, regulatory fines, and potential lawsuits. Cybersecurity investments are a cost-effective way to mitigate these financial risks.
  • Research and Development Protection: Healthcare organisations often engage in research and development activities. Protecting research data and intellectual property is crucial for maintaining a competitive edge and advancing medical science.
  • Medical Equipment Vulnerabilities: With the increasing connectivity of medical devices and equipment (IoT in healthcare), these devices become potential targets for cyberattacks. Ensuring their security is essential to prevent disruptions in patient care.
  • Data Availability: Cybersecurity is not only about protecting data from unauthorised access but also about ensuring its availability when needed. Healthcare systems need to be resilient against downtime caused by cyber incidents to avoid disruptions in patient care.
  • Preventing Extortion: Ransomware attacks, in which cybercriminals encrypt data and demand a ransom for decryption keys, have become a major threat to healthcare organisations. Robust cybersecurity measures can prevent or mitigate the impact of such attacks.
  • Public Health and National Security: A large-scale cyberattack on healthcare infrastructure can have broader implications for public health and national security. For example, disrupting a hospital's operations during a crisis could hinder emergency response efforts.

Cybersecurity is essential in healthcare to protect patient privacy, maintain the integrity and safety of medical data, comply with regulations, prevent financial losses, and ensure the trust and well-being of patients. As healthcare systems become increasingly digitised and interconnected, the importance of robust cybersecurity measures cannot be overstated.

The First Attack 

AIIMS Delhi reported a massive cyber attack on its server, which affected a lot of services such as appointments, registration, admission, discharges, billing and report generation. This attack, which was suspected to be ransomware, occurred on November 23, 2022, just as AIIMS announced paperless services from January 1, 2023 and complete digitalisation from April 2023.

After the servers stopped working and a large number of patients were standing in queues, many of the hospital staff members tweeted. According to a hospital staff member, all the basic details of the patients were being written manually. Even reports were being sent manually, which consumed a lot of time.

The hospital authorities confirmed that the server for NIC’s eHospital was down, due to which outpatient and inpatient digital hospital services, including smart labs, billing, report generation and the appointment system, were being affected.

AIIMS director M. Srinivas reported that the team had noticed infected server files with changed extensions, indicating a possible ransomware attack.

Once the infected files were noticed, backup was initiated around 12:30 pm the same day. The director stated that around 6:20 pm the backup was still in progress and would likely take another 4-6 hours. A physical server had also been deployed to assess the feasibility of restoring the database backup, which could only be known once the backup was complete. 

The known infected systems were physically isolated to prevent spread and sent for forensic analysis.

The director also stated that due to the disruption, hospital operations were severely affected. No electronic patient registrations or patient billings could be done at any counters. Officials claimed that AIIMS and NIC would take due precautions to prevent such attacks in the future.

A technical analysis of the cyber attack on AIIMS carried out by the Indian Computer Emergency Response Team (CERT-In) revealed that the IT network of the government-run hospital was compromised by unknown threat actors due to improper network segmentation, according to the Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar.

In a written reply to the Rajya Sabha, Chandrasekhar said the CERT-In probe revealed that the attack, which was caused by improper network segmentation, led to operational disruption due to the non-functionality of critical applications.

A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.

The Second Attack

AIIMS was hit by yet another cyber attack on June 6, 2023. Six months after a cyber attack which paralysed the servers of AIIMS Delhi, another malware attack was reported on Tuesday, June 6. 

However, the new attack was thwarted within a day with the help of an advanced firewall security system that the premier institute has put to use. AIIMS had said that it thwarted a malware attack on its eHospital services. The website suffered a cyber attack and a message ‘Virus found’ was seen. The health institution said that its systems were working normally.

“The e-Hospital services remain to be fully secure and are functioning normally”, India’s premier health institution added.

Rajeev Chandrasekhar, Union Minister of State for Electronics and IT, also claimed that there was no cyber attack or breach at AIIMS.

“The website is an internal application. Someone may have tried accessing this portal and an alert was generated due to the security layer used by AIIMS. The same person may have taken a screenshot of the error message and circulated it. There is no cyber incident or breach. Error messages have also been rectified”, the minister said in a tweet.

Former cyber security chief Lt. Gen. Rajesh Pant said that the ransomware attack on AIIMS prompted the government to make a cyber response framework, the National Cybersecurity Response Framework (NCRF).

Pant said the attack shone a spotlight on the need to protect critical infrastructure. “It was realised that critical sectors need to have a uniform framework to respond to cybersecurity, so NCRF was conceptualised. It will be put in the public domain for critical infrastructure, such as those in the power and health sectors for implementation”, said Pant.

According to him, the AIIMS attack in November 2022 exposed loopholes in the cyber defence systems and several lessons have been drawn from it to better prepare the critical information infrastructure and address vulnerabilities.

Pant added that the framework would address crucial gaps in response mechanisms. He also stressed the need for inter-ministerial cooperation and the setting up of a nodal ministry to address cybersecurity threats, as they are continuously evolving.

The ever-evolving landscape of cyber threats continues to remind us that our interconnected world is not without its vulnerabilities. The recent cyber attack on AIIMS, while distressing, underscores the critical importance of cybersecurity in safeguarding our most sensitive data and vital institutions.

In an era where digital transformation is revolutionising industries, the healthcare sector is no exception. Patient records, treatment plans, and medical research have all migrated to the digital realm, promising efficiency and enhanced patient care. Yet, this transformation has also made healthcare a prime target for cybercriminals seeking to exploit vulnerabilities for financial gain, personal information theft, or even endangering lives.

The lessons drawn from the AIIMS cyber attack are not unique to this institution alone. They echo across all corners of our digitally connected world. Cybersecurity must be a top priority for organisations and individuals alike. It is the barrier between the promise of technology and the peril of its misuse.

As we reflect on the AIIMS incident, we are reminded of the need for constant vigilance, robust security measures, and a commitment to ongoing education in the face of ever-evolving threats. The healthcare industry's duty to protect patient data and maintain the trust of those it serves cannot waver. Cybersecurity is not just a measure of defence; it is an affirmation of our commitment to the well-being of individuals, the integrity of our systems, and the future of our interconnected world. It is a responsibility we cannot afford to neglect.