AIIMS steps up security against cyber threats

Institute plans to separate its networks for hospital services, work to be done on intranet, open internet facilities 

Published: 11th January 2023 08:21 AM  |   Last Updated: 11th January 2023 08:21 AM   |  A+A-

Express News Service

NEW DELHI:  In view of the recent major cyber attack on the All India Institute of Medical Sciences here, which paralysed the digital patient care delivery areas at the hospital, the institute has come out with a slew of measures to protect its network from further cyber threats.

The apex medical institute has now decided to separate its networks for hospital services. The intranet facility is now completely dedicated to running e-hospital software which came under a major cyberattack and was shut down for over two weeks. The hospital’s administration has directed that the software should be run only on the intranet, which is maintained by the computer facility and should not be used for any other purposes.

For other hospital and administration-related works, including research and academics, the departments may take open internet service from MTNL. However, they will have to ensure network protection. The departments have been asked to maintain cybersecurity through the installation of anti-virus, enabling a strong password system, and maintaining a database of users/devices accessing the network.

Meanwhile, no personal internet device, computer, and wifi router will be allowed to connect to the AIIMS intranet. “Under no circumstances, a computer or device can be connected simultaneously with AIIMS intranet and the open internet,” the directions read. The decisions are based on the recommendations by cyber security experts and inputs from investigating agencies who probed the ransomware incident. The ransomware attack was reported on November 23 that crippled its routine health services which the institute offers to tens of thousands of patients daily for over 14 days.

An FIR under Section 385 of the Indian Penal Code (which refers to putting a person in fear of injury in order to commit extortion) and Section 66/66F of the IT Act, pertaining to cyber terrorism and computer-related offenses against unknown persons was filed following the incident.

Timeline of events unfolded amid major cyber attack 

November 23: AIIMS discovers a cyberattack after its e-hospital services got inaccessible
November 24: AIIMS confirms ransomware attack on its servers 
November 24: Institute shuts down WiFi, Broadband services on the campus
November 26: NIA joins the investigation for cyberattack
November 29: Hackers allegedly demand Rs 200 cr in bitcoins
November 29: AIIMS claims to restore data stored on e-hospital software
December 6: E-hospital resumes at OPDs. Starts operations at other centers in a phased-wise manner
December 12: The smart lab gets connected to the e-hospital
December 14: Union Health Ministry officials claim the cyberattack originated in China 
December 16: MoS electronics and IT Rajeev Chandrasekhar informs Rajya Sabha that 
the attack  impacted 5 physical servers and 1.3 terabytes of data


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp