Delhi AIIMS ransomware attack carried out by hackers from China, Hong Kong: Report

The ransomware attack that crippled the online management system of the All India Institute of Medical Sciences (AIIMS) in New Delhi involved China-based hackers, possibly including "a foreign state actor", indianexpress.com and timesofindia.com reported on Dec 3, citing the preliminary investigation.
The incident, which took place last month, brought the institute's online management system to a halt and raised concerns that the data of crores of patients, including high-profile political personalities, had been compromised.
“AIIMS Delhi server attack was by the Chinese, FIR details that the attack had originated from China. Of 100 servers (40 physical and 60 virtual), five physical servers were successfully infiltrated by the hackers. The damage would have been far worse but is now contained. Data in the five servers has been successfully retrieved now,” the source from the Union health ministry told ANI on Wednesday.
The personal details of millions of patients at AIIMS Delhi were put at risk by the ransomware attack last month. In December, a special cell of the Delhi Police launched an investigation into the attack.
The investigation found that the IP addresses of two email addresses, identified from the headers of the files encrypted by the hackers, originated in Hong Kong and China's Henan province.
Meanwhile, authorities from AIIMS said in a statement that the e-hospital data was restored.
“The e-hospital data has been restored on the servers. The network is being sanitized before the services can be restored. The process is taking some time due to the volume of data and a large number of servers/computers for the hospital services. Measures are being taken for cyber security,” the statement said.
It added that all hospital services, including outpatient, in-patient and laboratory services, continue to run in manual mode.
AIIMS Delhi faced the cyber attack on November 23, after which the Delhi Police registered a case of extortion and cyber terrorism on November 25. Internet services were blocked on the recommendation of the investigating agencies.
“The origin of the cyber attack is from outside of India, and the initial investigation by Cert-In (Indian Computer Emergency Response Team, the country’s premier cyber security agency) points to the possibility of the involvement of a foreign state actor,” the indianexpress.com quoted a senior government official as saying.
The Indian Computer Emergency Response Team (CERT-In), the Delhi cybercrime special cell, the Indian Cybercrime Coordination Centre, the Intelligence Bureau, the CBI and the National Investigation Agency are investigating the ransomware attack, which is feared to have compromised the records of nearly four crore patients.
The investigation has confirmed that five main servers were targeted by the Chinese hackers, who subsequently posted the data on the dark web, the report said.
On reports that the hackers had demanded a ransom of Rs 200 crore in cryptocurrency, the Delhi Police gave a cryptic statement that no ransom demand had been brought to their notice by AIIMS. The Delhi Police have, however, filed an FIR for extortion and cyber terrorism on the complaint of the AIIMS security officer, the report added.