Cyberattackers have crippled systems at one of India’s most prominent hospitals for a week, forcing the institution to operate a raft of key medical services and labs manually.
The All India Institute of Medical Sciences – a hospital that’s traditionally treated the country’s top politicians – has succumbed to a ransomware attack that’s shut down centralised records since Nov 23, the institution said in a statement.
India’s premier state-run teaching hospital has advised various departments to store data individually until systems can be restored, people familiar with the matter said, asking to remain anonymous because they were disclosing sensitive information. The downtime is exerting a domino effect across a plethora of divisions including its clinics, complicating new patient registrations, the people added.
It’s unclear what data the attackers may have accessed, or what their motives were. The hospital itself hasn’t said what data – or whose – may have been compromised. On Monday, responding to local media reports, police in the Indian capital, where the hospital is located, said they were unaware of ransom demands.
A spokesman for AIIMS did not immediately respond to text messages from Bloomberg News seeking comment. On Monday, the institute acknowledged “all hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode” and “measures are being taken for cybersecurity.” The statement gave no details beyond describing the event as a cybersecurity incident.
The incident is the latest in a long and accelerating run of cyber-intrusions that have plagued global institutions for years, as hackers, ranging from state-sponsored attackers to opportunists seeking enrichment, take advantage of endemic deficiencies in cybersecurity.
But the AIIMS incident is notable given the target’s prominence as well as the amount of time it’s taking to secure breached systems.
Ransomware is a type of malware that encrypts a victim’s computers. The attackers then demand a ransom payment to unlock them. Ransomware payments have skyrocketed in recent years, US government data shows, as many groups have adopted a type of double extortion. In addition to encrypting files and demanding money, they are also stealing troves of private data and threatening to release it if their demands aren’t met.
Medical institutions in particular present an attractive target because of the highly sensitive nature of the data they house, as well as their critical societal roles. In October, Australian health insurer Medibank Private Ltd disclosed that the personal information of nearly 10 million people had been exposed in an attack.
The Treasury Department said that US financial institutions reported nearly US$1.2bil (RM5.37bil) in likely ransomware-related payments in 2021, usually in response to breaches originating with Russian criminal groups. – Bloomberg