After a cyber attack wrecked the internal systems of All India Institute of Medical Sciences (AIIMS), the premier medical institution switched many operations from digital to manual seven days ago. Mint explains how devastating such a hack can be.
What happened in the cyberattack on AIIMS?
A breach was detected in the internal systems of AIIMS on 23 November, which led the hospital to shut down most digital patient care systems and move to manual means. AIIMS confirmed the attack in a statement and has said that data restoration and server cleaning are taking time because of the large volumes and the number of servers that the hospital services require. The premiere medical institution also said that it is taking cyber security measures, and Mint reported earlier that it has reached out to multiple agencies and IT firms to strengthen its systems for the future as well.
Was it really a ransomware attack?
A ransomware is malware that encrypts data on a system, blocking users’ access to that data. Hackers ask for a ransom in order to return access to that data, which in this case is said to be ₹200 crore. According to some security professionals, a ransomware attack is likely, since other trojans wouldn’t bring things to a standstill the way it has. They pointed out that info-stealers would have tried to avoid detection and stolen data, and would be easier to remove. However, the ransomware theory has been denied by both AIIMS and the Delhi Police.
Why is it taking long to bring systems back online?
Security professionals working at AIIMS will have to check the entire system now, making sure that each system on the network is malware-free. This can indeed take time, and seven days is quite natural. In fact, security pros said that in large systems where a hack hasn’t been contained, restoring access can take months or even years at times.
Can AIIMS’ data be recovered?
Hospitals almost always have multiple backups of their data for recovery for such situations. That said, security pros said that restoring from a backup doesn’t mean that hackers lose access to the data. AIIMS will have to ensure that the vulnerabilities are identified and systems are properly patched before restoring access. Failing to do so will allow the hackers access once the system is back online. AIIMS holds data of millions of patients including former prime ministers, which needs to be protected.
How devastating can such a hack be?
In 2017, shipping company Maersk was hit by ransomware called NotPetya, and the company had to overhaul almost its entire infrastructure and reinstall thousands of machines. Security pros said that commercial malware would be easier to deal with, and those working on restoring the systems could easily find help. However, it could get complicated if the malware in question has never been seen before. If they fail to find the flaw, AIIMS may have to overhaul its infrastructure and reinstall all systems.
Download The Mint News App to get Daily Market Updates & Live Business News.
More
Less
