AIIMS server down: Chinese hackers suspected; services moved to manual mode and other details – Times of India

All India Institute of Medical Sciences (AIIMS) has been hit by a massive ransomware attack. The digital services at the country’s premier healthcare institution have been down since 7am on Wednesday (November 23). Delhi Police has filed an FIR for cyber terrorism and extortion.The FIR has been registered under 66F (cyber terrorism) and 66 (computer related fraud) of the Information Technology Act and section 385 (extortion) at IFSO, special cell.
‘Chinese connection’ likely
“Prima facie, it appears that a weak firewall and outdated systems apart from lack of cloud-based servers made the bid, most probably by Chinese hackers possible,” say officials. Information on whether any significant research or health data has been stolen is not yet available.
AIIMS officials have confirmed that this was a ransomware attack – a type of cyber hacking in which a cyberattacker deployed ransomware or malicious software in the victim’s systems that encrypts the data. The attacker then asks for a “ransom” to restore access for the victim.
Citing sources, a media report said that the extortion amount has not been disclosed by the hackers yet. Furthemore, the cyberattackers have reportedly given a protonmail address for the authorities to connect with them to recover system data and decrypt files. They have reportedly modified the extensions of infected files.
NIC, Cert-In helping to restore services
AIIMS reported the massive cyber attack on Wednesday (November 23) and said that all patient care services have been badly impacted since 7 am. The hospital authorities confirmed that the server for National Informatics Centre‘s eHospital being used is down. National Information Centre (NIC), along with CERT-In, are helping in the restoration of services.
Also Read: AIIMS hit by ransomware attack: What does ransomware mean, how dangerous it is and other details
Basic services hit
The cyberattack has affected basic daily operations such as appointments, patient registrations and admissions and billing systems, at one of the biggest state-owned hospitals. “With the server being down, the outpatient and inpatient digital hospital services, including smart lab, billing, report generation and appointment system, among others have been affected,” AIIMS said in a statement.
Following the cyberattack, admission, discharge and transfer are being done manually at AIIMS. Furthermore, death/birth certificates are being manually prepared, as per instruction from the working committee.

Indian healthcare hotspot for hackers
Earlier this year, a report by cyber threat intelligence CloudSEK said that the Indian healthcare industry has received the second highest cyberattacks globally and they have compromised over 71 lakh records. “After the US, India recorded the second highest number of attacks on the healthcare industry with a total of 7.7 percent of the attacks in 2021,” the report said.
CloudSEK is among the companies that provide cyber threat intelligence to CERT-in – India’s nodal agency for responding to computer security incidents. Earlier this year, CERT-in said in its report that it has observed a 51% increase in ransomware incidents in the country in the first half of this year.