New Delhi: Cyberattackers have crippled systems at one of India’s most prominent hospitals for a week, forcing the institution to operate a raft of key medical services and labs manually.
The All India Institute of Medical Sciences — a hospital that’s traditionally treated the country’s top politicians — has succumbed to a ransomware attack that’s shut down centralized records, people familiar with the matter said.
India’s premier state-run teaching hospital has advised various departments to store data individually until systems can be restored, the people said, asking to remain anonymous because they were disclosing sensitive information. The downtime is exerting a domino effect across a plethora of divisions including its clinics, complicating new patient registrations, the people added.
It’s unclear what data the attackers may have accessed, or what their motives were. The hospital itself hasn’t said what data — or whose — may have been compromised. On Monday, police in the Indian capital, where the hospital is located, said they were unaware of ransom demands, responding to local media reports that 2 billion rupees ($24.5 million) had been demanded.
The sprawling hospital complex handles 1.5 million outpatients and 80,000 inpatients a year, according to information on its website. Prime Minister Narendra Modi was administered his Covid-19 vaccination at AIIMS and Home Minister Amit Shah was treated there after he tested positive for the virus.
A spokesman for AIIMS did not immediately respond to text messages from Bloomberg News seeking comment. On Tuesday, the institute said it had recovered all its data, but “all hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode” since Nov. 23 while authorities sanitize the network. It gave no details in the statement except to describe it as a cyber-security incident.
The incident is the latest in a long and accelerating run of cyber-intrusions that have plagued global institutions for years, as hackers, ranging from state-sponsored attackers to opportunists seeking enrichment, take advantage of endemic deficiencies in cybersecurity.
But the AIIMS incident is notable given the target’s prominence as well as the amount of time it’s taking to secure breached systems.
Ransomware is a type of malware that encrypts a victim’s computers. The attackers then demand a ransom payment to unlock them. Ransomware payments have skyrocketed in recent years, US government data shows, as many groups have adopted a type of double extortion. In addition to encrypting files and demanding money, they also are stealing private troves of data and threatening to release it if their demands aren’t met.
Medical institutions in particular present an attractive target because of the highly sensitive nature of the data they house, as well as their critical societal roles. In October, Australian health insurer Medibank Private Ltd. disclosed that the personal information of nearly 10 million people had been exposed in an attack.
The Treasury Department said that US financial institutions reported nearly $1.2 billion in likely ransomware-related payments in 2021, usually in response to breaches originating with Russian criminal groups.