Since Wednesday, staff at All India Institute of Medical Sciences (AIIMS) have been running services manually, including admissions, discharges, and billing, which has led to delays and long patient queues. In a press release, AIIMS stated that the appropriate law enforcement agencies are looking into the incident. Furthermore, the national cybersecurity response agency, CERT-IN, and the National Informatics Centre (NIC) are working on restoring affected services. AIIMS is a state-run educational institution that has been operating in New Delhi since the 1950s and has more than 2,000 hospital beds and thousands of undergrad students. It is currently unclear if the attackers have stolen any patient data.
AIIMS eHospital Server Hit by Ransomware
According to the press release, the server hosting AIIMS’ eHospital services was the target of the ransomware attack. The service is a cloud-based application that allows hospitals to run patient-centric services online. This includes patient registration services, billing, lab information system, and radiology information systems, along with a host of other facilities. The press release stated that the incident impacted several digital hospital services, such as smart lab, billing, report generation, and the appointment system. Following the incident, a working committee sent out standard operating procedures to the staff, directing them to manually conduct admissions, discharges, and transfers of patients, among other services. The staff was also told to sign birth and death certificates on physical forms. “We are not able to send many blood investigations, request imaging studies and are not able to view previous reports or images,” a resident doctor stated. “Many such operations are being done manually, which takes more time and is prone to errors,” the doctor added.
Cyberattacks Against Healthcare Sector on the Rise
The ransomware attack against AIIMS closely follows its announcement to go completely digital by April 2023. This attack serves as an unfortunate reminder of the vulnerabilities in the healthcare sector. According to a recent report by cybersecurity firm CloudSEK, India’s healthcare industry was the second most targeted in the world in 2021, behind only the U.S. Year over year, the cyberattacks on the healthcare sector have nearly doubled, with the most common methods of attack being phishing and business email compromise (BEC), DDoS attacks, ransomware, and breaching networks through vulnerabilities and exploits. “Data from CloudSEK DRM reveals that the number of cyberattacks against the healthcare industry has increased by 95.34% in the first 4 months of 2022 as compared to the number of cyberattacks in 2021 during the same period,” the report states. “A total of 34.14% of this increase can be attributed to the USA alone.” Last month, the FBI issued an alert warning that the Daixin Team ransomware group was actively targeting organizations in the U.S. healthcare industry. Other cybercrime groups, such as Ryuk and Cerber also carried out high-profile attacks on the sector in recent years.