Officials estimated that the perpetrators have held to ransom over 4 crore patients’ profiles, consisting of sensitive medical records and personal data. These include the profiles of top politicians, including Amit Shah, Union Home Minister, and Manmohan Singh, former Prime Minister, as well as foreign dignitaries who received treatment at AIIMS.

New Delhi:

With the All India Institute of Medical Sciences (AIIMS), New Delhi, still struggling to get its servers up and running after a massive ransomware attack earlier this week, cyber-security researchers on Saturday said the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web.

The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.

“Government agencies involved in the healthcare industry should abide by HIPAA's (Health Insurance Portability and Accountability Act) compliance requirements, create awareness among users regarding cyber-attacks, online scams, and phishing campaigns, set up policies for secure passwords and enable multi-factor authentication (MFA),” a spokesperson of AI-driven cyber-security firm CloudSEK told IANS.

The cyber attack on AIIMS shut down its main and back-up servers.

The attackers hacked the e-hospital service which manages the patient data system, affecting the outpatient department (OPD) and sample collection services.

Those behind the cyber attack have warned AIIMS to “prepare for a negotiation”.

Delhi Police are investigating the cyber attack.

Meanwhile, AIIMS officials said that all affected online patient services are now being run on manual mode.

According to CloudSEK, a massive spike in cyberattacks on healthcare organisations has been witnessed during the pandemic.

“Our research shows that in the first four months of 2022, the number of cyberattacks on the industry rose by 95.34 per cent compared to the same period in 2021. The Indian healthcare sector was the second most targeted when it comes to cyberattacks worldwide,” the company spokesperson said.

Protecting patients' medical and financial information has emerged as a new challenge for healthcare organisations.

According to Indusface, an application security SaaS company, there were more than 1 million cyber attacks of various types across Indusface's global healthcare clientele.

Of these, 278,000 attacks were reported in India, highlighting the vulnerabilities of the Indian healthcare sector.

CloudSEK research revealed recently that immediate challenges to the healthcare sector include phishing and BEC (business email compromise), ransomware attacks, DDoS (Distributed Denial of Service) attacks, insider threats, critical infrastructure and Medjacking, etc.

In August this year, the UK's National Health Service (NHS) was hit by a ransomware attack via a third-party vendor.

Advanced, which provides several products to NHS hospitals and clinics, said its systems were disrupted by a ransomware attack on August 4. Three months after the major attack wiped out NHS systems, patients' records are still missing and safety has been compromised, according to reports.

The August attack has been the most disruptive cyber-security incident on the health service since the WannaCry ransomware attack in May 2017, which disrupted 80 NHS trusts and 603 NHS organisations, including 595 GP practices.

“Organisations should frequently update and patch networks, systems, and software. Keep several backups, both online and offline, in different and secure places. Keep an eye on logs for any unexpected traffic and activity on websites and other applications,” advised CloudSEK.

Healthcare experts, including hospital staff, should avoid clicking on suspicious emails, messages and links, it said.

Meanwhile, with AIIMS Delhi’s server down for the third consecutive day, the investigation continued on Friday even as patient care services were managed manually, officials said.

Sources said internet services at the premier medical institute have been blocked as per the recommendations of the investigating agencies.

“Investigation into the incident and efforts to bring back the digital patient care services are progressing. Actions to prevent such attacks are being planned. We hope to be able to restore the affected activities soon,” the All India Institute of Medical Sciences (AIIMS) said in a statement.

Amid the cyber security scare, all emergency and routine patient care, and laboratory services continue to be managed manually, it said.

The Indian Computer Emergency Response Team (CERT-IN), Delhi Police and Ministry of Home Affairs representatives are continuing their work to resolve the matter, official sources told PTI.

The National Investigation Agency (NIA) has also joined in, they said.

Four physical servers arranged for restoring e-Hospital services have been scanned and prepared for the databases and applications, they said.

Another source said 15 out of around 50 servers and 400 out of around 5,000 endpoint computers have been scanned using antivirus, and the activity is ongoing.

“Internet services are blocked as per the recommendations of the investigating agencies,” the official source said.

The cyber-attack, which AIIMS reported on Wednesday at 6:45 am, has shut down its main and back-up servers.

The attackers hacked the e-hospital service, which manages the patient data system and routine activities in the patient care areas, including OPD registrations, appointments, report generation (tests), smart lab and billing, among others.

However, National Informatics Centre (NIC) officials separated its second back-up server in time to prevent further damage. Experts are trying to retrieve the e-hospital data and lab information onto an external drive, while four more servers have been integrated into the hospital’s network, officials said.

Officials estimated that the perpetrators have held to ransom over 4 crore patients’ profiles, consisting of sensitive medical records and personal data. These include the profiles of top politicians, including Amit Shah, Union Home Minister, and Manmohan Singh, former Prime Minister, as well as foreign dignitaries who received treatment at AIIMS.

Sources said the perpetrator has, through e-mail, asked the hospital to “prepare for negotiation” for the data held captive.