AIIMS Cyberattack that Encrypted 1.3 TB of Data: Incident & Response

Global Cybersecurity Association
2 min read · Jul 12, 2023

According to the Minister of Electronics and Information Technology, Rajeev Chandrasekhar, the cyberattack on AIIMS occurred due to improper network segmentation, allowing unknown threat actors to compromise servers.

The incident disrupted critical applications, resulting in operational disruptions at AIIMS.

The Indian Computer Emergency Response Team (CERT-In) conducted a preliminary analysis of the attack and advised necessary remedial measures.

Data Encryption and Restoration:

The cyberattack impacted five servers at AIIMS, with approximately 1.3 terabytes of data being encrypted. Fortunately, the e-Hospital data was retrieved from an unaffected backup server and restored on new servers.

After two weeks of restoration efforts, most functions of the e-Hospital application, including patient registration, appointment, admission, and discharge, have been successfully restored.

Government’s Response and Countermeasures:

To address cyberattacks and enhance cybersecurity resilience, CERT-In has formulated a Cyber Crisis Management Plan for implementation by all ministries, departments, organizations, and critical sectors.

The Ministry of Health and Family Welfare has been requested to disseminate a special advisory on security practices to enhance the resilience of health sector entities.

Additionally, CERT-In has been actively issuing alerts and advisories to protect computers and networks from cyber threats.

Investigation Findings:

The servers were infected with three ransomware variants: Wammacry, Mimikatz, and Trojan.

CERT-In and DRDO (CIRA) discovered the ransomware infections on five NIC servers and seven AIIMS computer facility servers.

Conclusion:

The cyberattack on AIIMS serves as a stark reminder of the increasing cyber threats faced by organizations, particularly in the healthcare sector.

It highlights the importance of robust cybersecurity measures, including network segmentation, regular audits, and employee awareness programs.

The government, through CERT-In, is actively working towards enhancing cybersecurity resilience and disseminating best practices across the healthcare industry.

As cyber threats continue to evolve, it is crucial for organizations to remain vigilant, strengthen their cybersecurity defenses, and protect the sensitive data entrusted to them.

Global Cybersecurity Association

The Global Cybersecurity Association (GCA) is a dynamic community that promotes networking, learning, and the strengthening of cybersecurity resilience in the IT/OT field.