Hackers target NIMHANS, but data remains safe

Giving details of the cyber security attack, sources said that on March 22, a faculty member complained to the NIMHANS IT Cell that they were unable to open their files.
National Institute of Mental Health and Neurosciences in Bengaluru. (File | EPS)

BENGALURU: In a recent ransomware attack at the National Institute of Mental Health & Neuro Sciences (NIMHANS), “no sensitive information or patient data was compromised,” said NIMHANS Director Pratima Murthy. Setting aside concerns of leakage of data, she said the ransomware was detected early on March 22, following which NIMHANS “timely plugged in all the loopholes and made immediate and necessary changes to secure our systems. No sensitive data including patient data has been compromised,” she added.

The premier mental health institute was recently the victim of a ransomware attack, in which many of its systems were found to be compromised and files encrypted by unknown hackers, who demanded a ransom of $5,000 in Bitcoin.

According to informed sources, NIMHANS uses e-hospital software developed by the National Informatics Centre (NIC), which is hosted on the institute’s server. “We have got endpoint protection at the server level software. For all the Outpatient Departments (OPDs), the institute uses Thin Client – a watered down version of desktop that runs from resources stored on a central server instead of a localised hard drive. Hence all OPD data was safe. So far as the inpatient data is concerned, it was protected because that is on a LAN connection with minimum access to the Internet. The patient data back-up is done daily and every six hours for laboratory reports,” said sources.

“However, some faculty members, who found their system to be infected may have lost their manuscripts or other documents because of encryption. Following the cyber-attack, all e-mail communications at NIMHANS are being shifted to nimhans.ac.in server including those for students,” added the sources.

Giving details of the cyber security attack, sources said that on March 22, a faculty member complained to the NIMHANS IT Cell that they were unable to open their files. Later, they found that many other systems were also compromised and that’s when they realised that it was not an issue of malware. “We immediately got in touch with the Indian Computer Emergency Response Team (CERT-IN), NIC and an internationally well-known third party to conduct a forensic audit of the cyber security attack. They responded and within an hour they were able to detect the issue. Meanwhile, NIMHANS gave a written complaint to the cyber-crime cell, South division regarding the attack on March 29,” said sources on condition of anonymity. “The delay in giving a written complaint was because we had to gather the logs from each system,” said sources.

Staff asked to disable LAN connections

The IT Cell of the institute sent a communication to its faculty informing them that the institute was victimised by malware triggered by a virus contained in a mail received via Windows 7 or 8. “The employees were asked to disable their LAN connections to prevent malware from spreading to other machines; immediate steps were taken to install anti-virus software and all passwords were changed,” added the sources. The FIR (0383/2022) in the ransomware attack case was, however, filed a month later, on April 30. Explaining the delay in filing the FIR, sources pointed out that the immediate concern of the institute was to “secure the systems. There are around 1,500 systems in the institute. All of them had to be forensically audited.” NIMHANS has nominated IT champions in every department/section, and awareness programmes are being conducted on cyber security.

The New Indian Express
www.newindianexpress.com