
AIIMS Cyberattack: Biggest healthcare institution under ransomware attack, still looking for a cure

How the AIIMS cyberattack exposes the vulnerability of the IT sector and cyber security

Unending queues at the OPD, lab services, diagnostic centres and billing counters, caused by a ransomware attack, are frustrating not only patients but also the staff at the All India Institute of Medical Sciences (AIIMS), Delhi.

Patients are waiting for their turn at various facilities for extended hours, while doctors and employees execute work manually, writing all reports and preparing bills with pen and paper.

Tuesday was the seventh day on which the hospital’s digital services did not work. Patient care services in the emergency, inpatient, outpatient, and laboratory wings, the complete patient data system, and day-to-day activities like OPD registrations and blood sample reports remained affected and are being managed manually.

However, later that day, AIIMS Delhi said its e-hospital data has finally been restored on servers and the network is being sanitised before services can be restored completely.

Officials from the Indian Computer Emergency Response Team and Delhi Police, along with the Intelligence Bureau and the Ministry of Home Affairs (MHA), are probing the ransomware attack that affected the hospital server, and they are yet to find the accused involved in the hack.

For a week now, the country’s biggest healthcare institution has been working in manual mode because of this cyber-attack, which crashed the complete server-based system. Investigators now suspect a terror angle and a foreign conspiracy behind this hack on the country’s premier medical institution.


The AIIMS e-server contains data of about 4 crore patients including several VIPs like former Prime Ministers, cabinet ministers, bureaucrats, and judges along with several other political leaders and celebrities.

With this cyberattack, this data is now at risk of being lost or falling into the wrong hands.

Sanitisation of the AIIMS network is currently in progress to make it completely immune, and antivirus solutions have been set up for servers and computers.

About 30 out of 50 servers have been scanned, and this activity is ongoing 24×7. The full sanitisation of the AIIMS server network is likely to continue for a few more days.

In addition, internet services at AIIMS are suspended, and the situation is likely to remain so due to the ongoing investigation.


The Congress slammed Prime Minister Narendra Modi and his BJP government over the hacking of the AIIMS server and said it raises “serious questions” about cyber security in the country.

K C Venugopal, the AICC general secretary, lashed out at the central government and asked about the promise of a new cyber security policy that Prime Minister Narendra Modi announced two years ago.

“Hacking of AIIMS servers raises serious questions about the cyber security of the country. In the year 2020, Prime Minister Narendra Modi announced that the nation will soon have a new cyber security policy and it’s already been 2 years and we’re still waiting,” said AICC general secretary K C Venugopal on Twitter.

However, a case of extortion and cyber terrorism has been registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police.


After the United States healthcare industry, which faced 28% of the total global attacks, the Indian healthcare industry recorded the second-highest number of attacks, with a total of 7.7 per cent in 2021, the cyber security intelligence firm CloudSEK said in its report.

The attacks on the Indian healthcare industry compromised over 71 lakh records, the CloudSEK report further said.

According to the US-based cyber security firm Norton, India recorded more than 18 million cyber-attacks and threats, at an average of nearly 200,000 threats every day, in the first 3 months of 2022.

Also, ministers informed the Lok Sabha this year that India is the third most affected country in the world in terms of network attacks.


A Google executive said that the tech giant has introduced several products and features in India before rolling them out in the rest of the world, along with an initiative and program to support online safety and combat online fraud, with a $2 million grant to strengthen support channels and expand digital literacy initiatives.

Google India also announced that the company would continue to do this in the context of cybersecurity, privacy and safety, as India is a ‘great example of a growing thriving dynamic online ecosystem’.

The Indian government has also started a drive to upgrade its IT equipment and infrastructure so that all electronic, data storage, and communication devices used in government departments and agencies remain immune to cyber threats.


Cybercriminals are looking for every possible way to attack you. So ensuring security is not only the responsibility of organisations and their officials; every customer has to be equally aware of the security features.

1. Users don’t keep their credentials strong enough to secure their data.

2. Safety measures like using two-factor authentication or multi-layered security pins are often ignored.

3. Users still share their sensitive information over the phone for seeking benefits. Always remember, do not trust anyone on the phone or the internet and do not share details.

4. Double-check the authenticity/veracity of the message or post before sharing any sensitive information.

5. A severe lack of talent is a major problem that can hurt you or the security perimeter of the organization.

6. Most organisations don’t have sufficient funds for security maintenance.

7. Employees without adequate knowledge can put the system or information at risk.

8. Third-party applications and services can be dangerous if not properly analyzed.


In such scenarios, data breaches in digital banking, healthcare and IT companies can be a major threat. CloudSEK’s analysis revealed that in 2021 and 2022, over half of the reported cases involved the leak of sensitive information or the sale of databases, which is called a “data breach.”

Cybercriminals use everything from simple scraping, web injection commands and exposed endpoints to complex malware attacks to steal information from different organisations.

Around 20% of the reported events concerning threats to the digital banking sector mainly involved buying, selling, compromising, and bypassing access to multiple digital payment systems, banking accounts, and digital wallets (crypto or otherwise).



Settlement services at Central Depository Services, which is said to be the country’s largest depository by way of active Demat accounts, were affected this month due to a system failure caused by cyberattacks.

According to the brokers, services like pledges, pay-in, pay-out, or unpledged securities for margin were down. However, trading was not affected, brokers added.


Several SpiceJet flights were either cancelled or delayed when the airline was hit by a ransomware attack in May this year, which made the majority of the passengers furious. Later, the airline took to the social media giant Twitter to confirm that its IT team had contained and rectified the situation and that flights had started operating normally.


This happened a month before the SpiceJet attack. Oil Assam (OIL) suffered a major cyber-attack in which the company’s server, network, and other related services were affected. Later, the officials confirmed that the hacker demanded about Rs 57 crore as ransom.


Last year, in 2021, Tech Mahindra was affected by a ransomware attack that targeted 27 servers of the Pimpri Chinchwad Smart City project, which led to a loss of Rs 5 crore. The company, however, reportedly spent nearly Rs 15 crore on a firewall to secure the systems.


Noida-based snacks manufacturer Haldiram experienced a ransomware attack on its servers in October 2020. The hacker reportedly encrypted the company’s files, data, applications, and systems and demanded 7.5 lakh USD for decryption.


Indiabulls Group was hit by a Clop ransomware operator, as per a report by US-based cyber threat intelligence company Cyble. The attackers threatened to expose the confidential data and demanded that the company pay the ransom within a day. However, the affected systems were successfully restored.


In a major breach, the servers of the Telangana and Andhra Pradesh state power utilities went down after a ransomware attack. Hackers not only hacked the computer systems but also demanded six bitcoins (which was approximately Rs 24 lakh at that time) to restore access to the data of the companies.


A major global cyber attack (WannaCry and Petya ransomware) disrupted computers across the globe, infecting over 300,000 computers, including in India. The country’s largest port, Jawaharlal Nehru Port Trust in Mumbai, shut down its operations at one of its three terminals as many related services were affected.
