Blue computer monitor with binary digits in background
India Information Security News

AIIMS Delhi Cyber attack

Nidhi Arora June 21, 2023

Report by Shreya Agarwal

New Delhi, June 10: A malware attack was reported at the All India Institute of Medical Sciences, Delhi on 6th June, 2023 at 14:50 IST. This attack was countered and neutralised within a day with the help of an advanced firewall security system used by the institute.

This is the second cyber attack at the premium institute in an year, the first occurring in November, 2022. The one in November lasted for more than 15 days which disabled online services at the hospital. As a result of this, AIIMS Delhi restructured and strengthened its eHospital network. It declared that the eHospital network could only be accessed on a secure AIIMS LAN/intranet network, which would be maintained by its computer facilities department. Also, there were several changes in the firewall’s rules following the attack.

This restructuring of the eHospital services, coupled with the changes in the firewall’s rules were the main reasons that the attack didn’t turn big, and could be quickly impeded.

The firewall, sensing suspicious activity, blocked the network to stop further virus spread. This blocking of the network lead to the servers being down for four hours. Doctors at AIIMS couldn’t take out reports of patients during this whole time.

The eHospital services were fully secure and functioned normally after the attack was completely thwarted, as clarified by AIIMS Delhi in an official tweet.

Currently, the cyber cell of AIIMS is under the DRDO (Defence Research and Development Organisation), while agencies like NCIIPC (National Critical Information Infrastructure Protection Centre) and CERT-In (Indian Computer Emergency Response Team) are investigating the attack.

**********************

Terms:

LAN: Local Area Network, a network based in a small region; like schools, residential societies, a small part of a large organisation, etc.

Intranet: a private network used to share information within only a specific group of people, for ex: an intranet can be used in an organisation to share information among the employees of a specific department only.