NEW DELHI: In view of the recent major cyber attack on the All India Institute of Medical Sciences here, which paralysed the digital patient care delivery areas at the hospital, the institute has come out with a slew of measures to protect its network from further cyber threats.
The apex medical institute has now decided to separate its networks for hospital services. The intranet facility is now completely dedicated to running e-hospital software which came under a major cyberattack and was shut down for over two weeks. The hospital’s administration has directed that the software should be run only on the intranet, which is maintained by the computer facility and should not be used for any other purposes.
For other hospital and administration-related works, including research and academics, the departments may take open internet service from MTNL. However, they will have to ensure network protection. The departments have been asked to maintain cybersecurity through the installation of anti-virus, enabling a strong password system, and maintaining a database of users/devices accessing the network.
Meanwhile, no personal internet device, computer, and wifi router will be allowed to connect to the AIIMS intranet. “Under no circumstances, a computer or device can be connected simultaneously with AIIMS intranet and the open internet,” the directions read. The decisions are based on the recommendations by cyber security experts and inputs from investigating agencies who probed the ransomware incident. The ransomware attack was reported on November 23 that crippled its routine health services which the institute offers to tens of thousands of patients daily for over 14 days.
An FIR under Section 385 of the Indian Penal Code (which refers to putting a person in fear of injury in order to commit extortion) and Section 66/66F of the IT Act, pertaining to cyber terrorism and computer-related offenses against unknown persons was filed following the incident.
Timeline of events unfolded amid major cyber attack
November 23: AIIMS discovers a cyberattack after its e-hospital services got inaccessible
November 24: AIIMS confirms ransomware attack on its servers
November 24: Institute shuts down WiFi, Broadband services on the campus
November 26: NIA joins the investigation for cyberattack
November 29: Hackers allegedly demand Rs 200 cr in bitcoins
November 29: AIIMS claims to restore data stored on e-hospital software
December 6: E-hospital resumes at OPDs. Starts operations at other centers in a phased-wise manner
December 12: The smart lab gets connected to the e-hospital
December 14: Union Health Ministry officials claim the cyberattack originated in China
December 16: MoS electronics and IT Rajeev Chandrasekhar informs Rajya Sabha that
the attack impacted 5 physical servers and 1.3 terabytes of data