AIIMS cyber attack: No ransom was demanded, most data restored, Government states in Parliament

Aditi Tandon

New Delhi, December 16

The government on Friday informed Parliament that no ransom was demanded in the AIIMS cyber attack and most of the functions disrupted due to the attack had been restored two weeks after the attack.

Replying to a question on whether patient, hospital or clinical data had been compromised during the attack and if any ransom was sought, Minister of State for Health Bharati Pravin Pawar today said, “Five physical servers of AIIMS, New Delhi on which e-Hospital application of NIC was hosted, were affected. No specific amount of ransom was demanded by the hackers though a message was discovered on the server suggesting that it was a cyber- attack. All the data for eHospital has been retrieved from a backup server which was unaffected and restored on new servers. Most of the functions of e-Hospital applications like patient registration, appointment, admission, discharge have been restored after two weeks of the cyber-attack.”

The minister said a First Information Report was registered by the All India Institute of Medical Sciences with the Special Cell of Delhi Police under relevant sections of the law, regarding the incident of cyber-attack.

The government also said that the National Nodal Agency for response to cyber security incidents — the Indian Computer Emergency Response Team (CERT-In) had its Empanelled Information Security Auditing Organizations for auditing including vulnerability assessment and penetration testing of the computer systems, networks and applications involving public service delivery including Ayushman Bharat Digital Mission (ABDM).

“Immediate measures were taken by AIIMS, Delhi to enhance the security like endpoint hardening, string firewall policies and network segmentation to secure all the data of the Institute,” Pawar said.

She said that to reduce the patient load on AIIMS, Delhi, setting up of 22 new AIIMS and 75 projects of upgradation of existing Government medical colleges and institutions by way of setting up of superspeciality blocks and trauma centres had been approved under Pradhan Mantri Swasthya Suraksha Yojana (PMSSY) and are at various stages of offering inpatient and outpatient services to the needy.

“The day-to-day operations and surgeries as well as associated activities and record keeping was done in a manual mode after the attack. In AIIMS, Delhi, the dashboard for the real time emergency bed availability has been developed in-house,” the minister informed Lok Sabha.