Delhi AIIMS scrambles to keep OPD going on Day 3 of server outage
Security agencies on Friday were still struggling to revive the system, resulting in the hospital administration releasing a “colour-coded form system” to segregate the patient load.
Two days after a suspected ransomware attack hit servers at the All India Institute of Medical Sciences (AIIMS), security agencies on Friday were still struggling to revive the system, resulting in the hospital administration releasing a “colour-coded form system” to segregate the patient load. The hospital has also directed heads of departments to deploy the maximum possible manpower to make up for delays due to the manual handling of administrative work.
In an office order issued on Friday, AIIMS medical superintendent Dr DK Sharma said, “We are all aware of the infelicitous software malware cyberattack on our eHospital system. It need not be overemphasised that the concerned government agencies and AIIMS administration are working hard to retrieve and restore the system’s functioning at the earliest.”
The order added, “With a view to avoid/ ameliorate any possible convenience to the large number of patients coming for OPD (outpatient departments) consultation and investigations, all chief(s) of centres and head(s) of clinical and diagnostic departments are requested to deploy additional manpower resources (faculty, residents, scientists, project staff, any other staff), irrespective of the unit etc., to the OPD and diagnostic areas to ensure that all patients coming to AIIMS to avail these services are duly attended to, with least possible waiting time or difficulty to the patients.”
Ransomware operators typically demand a payment -- hence, ransom -- to provide the key to decrypt the files. This sort of attack involves malware that locks away access to files, crippling regular functioning.
A common modus operandi for most ransomware operators is to threaten to leak the files to pressure their targets into paying up, which makes the AIIMS attack particularly concerning, experts said, since it involves medical records, some of the most private information about an individual.
This is the first instance of a major Indian hospital -- in this case, the country’s most prominent government hospital that also treats high-ranking officials -- being affected by ransomware.
The primary and the first backup servers at AIIMS were corrupted at around 7am, in what was later found to be a ransomware attack. In an incident report sent by AIIMS medical director Dr M Srinivas to the union ministry of health and family welfare, the hospital said it first became aware of the cyber attack after receiving a call from the emergency lab, regarding the inability to view reports in the National Informatics Centre (NIC) laboratory system. Thereafter, similar reports were received from the billing section and other areas. At 8am, the outpatient department (OPD) counters also reported the same error.
The Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) cell filed a first information report (FIR) invoking sections of cyber terrorism (IT Act, section 66F) against unknown persons, while teams of the NIC and Computer Emergency Response Team (CERT-In) attempted to restore the network.
However, the servers were still down as of 10pm on Friday.
An official statement released by AIIMS said, “Investigation for the incident and efforts to bring back the digital patient care services are progressing. Actions to prevent such attacks are being planned. We hope to be able to restore the affected activities soon. All patient care services, including lab services, continue to be managed manually.”
Meanwhile, administrative work at AIIMS continued in manual mode, causing inordinate queues and chaos.
Many patients complained that they have been waiting for OPD and test appointments for the last three days, but there is no clarity as to when the systems will be revived.
“We took an appointment for a few tests for my son two months back, but when we reached yesterday, we were told that their server is down. None of the tests have happened. Even today, they told us that only emergency tests are happening. We have come from Lucknow and had no prior information about this,” said Sarita Mishra, an attendant.
A Delhi Police officer associated with the probe said, “Our initial probe has suggested that the hacker or hackers operate from outside India and exploited the weak security network of the AIIMS servers. The maintenance of the servers was not properly done, and the anti-virus softwares were quite weak. The hacker demanded money in cryptocurrency, but it’s not clear how much the extortion demand was.”