1.3 TB data encrypted and five servers affected in AIIMS ransomware attack: Centre

CERT-In and other stakeholder entities have advised necessary remedial measures, Minister tells Rajya Sabha

Updated - December 17, 2022 01:23 am IST

Published - December 16, 2022 07:20 pm IST - NEW DELHI

An elderly patient lies on a sidewalk outside the All India Institute of Medical Sciences in New Delhi on December 7, 2022 as the Institute limped back to normality after a cyberattack crippled its operations for nearly two weeks. | Photo Credit: AP

Based on current analysis by stakeholders concerned, about 1.3 terabytes of data were encrypted in the recent ransomware attack on the All-India Institute of Medical Sciences’ (AIIMS) information technology network by unknown threat actors, according to the government.

In a written response to the question of Rajya Sabha member John Brittas, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar on Friday said the computer systems were being managed by the AIIMS itself. Upon being informed about the cybersecurity incident, the Indian Computer Emergency Response Team (CERT-In) had done an evaluation.

“As per the preliminary analysis, servers were compromised in the information technology network of the AIIMS by unknown threat actors due to improper network segmentation, which caused operational disruption due to non-functionality of critical applications. CERT-In and other stakeholder entities have advised necessary remedial measures,” said the reply.

“Based on current analysis by concerned stakeholders, five servers of the AIIMS were affected and approximately 1.3 terabytes of data were encrypted,” it said.

Special advisory

Mr. Chandrasekhar said CERT-In, which is mandated to track and monitor cybersecurity incidents in India, had issued a special advisory on security practices to enhance resilience of health sector entities, which had been communicated to the Health Ministry for sensitising health sector entities regarding the latest cybersecurity threats.

The Ministry had been requested to disseminate the advisory among all the authorised medical care entities and service providers in the country. “It has also been suggested that they may carry out special audit through CERT-In-empanelled auditors on priority basis, comply with the findings of such audit and ensure implementation of security best practices,” said the Minister.

On observing a ransomware incident, CERT-In notifies the affected organisations along with remedial actions to be taken and coordinates response measures with the affected organisations, service providers, respective sector regulators and law enforcement agencies. “A Cyber Crisis Management Plan for countering cyberattacks and cyberterrorism has been formulated by CERT-In for implementation by all the ministries and departments of the Central government, State governments and their organisations and critical sectors,” he said.

CERT-In also published the “India Ransomware Report H1-2022” this August, covering the latest tactics and techniques of ransomware attackers and ransomware-specific incident response and mitigation measures.

‘Data retrieved’

Replying to another question in the Lok Sabha, Minister of State for Health and Family Welfare Bharati Pravin Pawar said all the data for e-Hospital had been retrieved from a backup server and restored on new servers.

“No specific amount of ransom was demanded by the hackers though a message was discovered on the server suggesting that it was a cyberattack,” said the Minister.

Most of the functions of the e-Hospital application, such as patient registration, appointment, admission and discharge, had been restored two weeks after the attack.
