Why the AIIMS cyberattack was so devastating
After a cyberattack wrecked the internal systems of the All India Institute of Medical Sciences (AIIMS), the premier medical institution switched many operations from digital to manual seven days ago. Mint explains how devastating such a hack can be.
What happened in the cyberattack on AIIMS?
A breach was detected in the internal systems of AIIMS on 23 November, which led the hospital to shut down most digital patient care systems and move to manual processes. AIIMS confirmed the attack in a statement and has said that data restoration and server cleaning are taking time because of the large volume of data and the number of servers that the hospital's services require. The premier medical institution also said that it is taking cyber security measures, and Mint reported earlier that it has reached out to multiple agencies and IT firms to strengthen its systems for the future as well.
Was it really a ransomware attack?
Ransomware is malware that encrypts data on a system, blocking users’ access to that data. Hackers ask for a ransom in order to return access to that data, which in this case is said to be ₹200 crore. According to some security professionals, a ransomware attack is likely, since other trojans wouldn’t bring things to a standstill the way this attack has. They pointed out that info-stealers would have tried to avoid detection while stealing data, and would be easier to remove. However, the ransomware theory has been denied by both AIIMS and the Delhi Police.
Why is it taking so long to bring systems back online?
Security professionals working at AIIMS will now have to check the entire network, making sure that each system on it is malware-free. This can indeed take time, and seven days is quite natural. In fact, security pros said that in large systems where a hack hasn’t been contained, restoring access can take months or even years at times.