AIIMS ransomware attack: Key patient data at risk of leak, sale on Dark Web

Representational Image
Representational ImageFile/GK

New Delhi, Nov 26: With the All India Institute of Medical Sciences (AIIMS), New Delhi, still struggling to get its servers up and running after a massive ransomware attack earlier this week, cyber-security researchers on Saturday said the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web.

The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.

"Government agencies involved in the healthcare industry should abide by HIPAA's (Health Insurance Portability and Accountability Act) compliance requirements, create awareness among users regarding cyber-attacks, online scams, and phishing campaigns, set up policies for secure passwords and enable multi-factor authentication (MFA)," a spokesperson of AI-driven cyber-security firm CloudSEK told IANS.

The cyber attack on AIIMS shut down its main and back-up servers.

The attackers hacked the e-hospital service which manages the patient data system, affecting the outpatient department (OPD) and sample collection services.

Those behind the cyber attack have warned AIIMS to "prepare for a negotiation".

Delhi Police are investigating the cyber attack.

Meanwhile, AIIMS officials said that all affected online patient services are now being run on manual mode.

According to CloudSEK, a massive spike in cyberattacks on healthcare organisations has been witnessed during the pandemic.

"Our research shows that in the first four months of 2022, the number of cyberattacks on the industry rose by 95.34 per cent compared to the same period in 2021. The Indian healthcare sector was the second most targeted when it comes to cyberattacks worldwide," the company spokesperson said.

Protecting patients' medical and financial information has emerged as a new challenge for healthcare organisations.

According to Indusface, an application security SaaS company, there were more than 1 million cyber attacks of various types across Indusface's global healthcare clientele.

Related Stories

No stories found.
Greater Kashmir