AIIMS cyberattack

THE All India Institute of Medical Sciences (AIIMS), New Delhi, has been in the firefighting mode ever since the November 23 cyberattack on some of its servers that compromised sensitive data and e-records of crores of patients. The hospital has shut down its servers, network and computers to sanitise them and update the anti-virus software so as to strengthen cybersecurity before online work is restored. However, it not yet clear if the lost data — that is crucial for not only ongoing treatments but also for academic research and reference purposes by the doctors and scientists working at the premier institute — can be retrieved.

Meanwhile, the institute is hobbling with contingency plans, including seeking DRDO help and activating the manual mode to offset the suffering and disruption that the malware infection is causing to patients, physicians and paramedical and administration staff as they struggle with appointments and registration, billing and laboratory reports. Given that tens of lakhs of patients visit AIIMS annually and that the institute was ready to be fully digitised in a few months, a huge and precious cache of stored files has been corrupted. The hacking rightly warrants a multi-agency investigation.

Besides the derailing of the hospital’s functioning and loss of its e-records holding years of work by ransomware, the risk of hackers selling the encrypted files on the dark net or asking for ransom to decrypt them remains. The healthcare sector is vulnerable as it has been the target of cyber criminals for some years. With a Cloud SEK survey reporting a spike of 95 per cent in the hacking of hospitals’ e-systems in the first quarter of this year as compared to the corresponding period of 2021, countering the cyber criminals is a challenge. The AIIMS incident should goad the authorities to enhance cybersecurity measures that enable multiple backups of valuable records, as also to conduct regular cyber audits. Lessons could be drawn from the tools deployed by the UK to plug the loopholes in its National Health System after it was cyber-attacked earlier this year.