INTELEGRID SECURITY ALERT
Cyber-attacks on hospitals have become a significant concern globally. Healthcare institutions in India are increasingly being targeted by hackers due to the vast amounts of sensitive patient data held by these institutions. The country’s push for digitization has increased the potential attack surface for hackers, as healthcare systems become more connected. Resource constraints, outdated legacy systems, ransomware attacks, and regulatory compliance make public healthcare an attractive target for cyberattacks. To protect against these threats, healthcare institutions must enhance their cybersecurity measures.

National Institute of Mental Health and Neurosciences, Bengaluru
The cyber incident involving the National Institute of Mental Health and Neurosciences (NIMHANS) on March 23, 2022, was a ransomware attack that significantly impacted the institution’s computer systems and data. The attack led to the encryption of numerous computer files and systems, rendering them inaccessible to authorized personnel. NIMHANS filed an official complaint with the Bengaluru City Police on April 30, 2022, more than a month after the initial attack occurred. Dr. Pratima Murthy, the director of NIMHANS, submitted the complaint to the police, and did so only under severe pressure from the NIMHANS Employees’ Association. In addition, the Employees’ Association strongly urged that professionals should be appointed to the organization’s IT division. One member of the association said, “There is an IT department that does nothing but exist for show. No cyber safety assessment has been carried out, and no proper cyber professionals have been hired out.”
Safdarjung Hospital, Delhi
Safdarjung Hospital is a public hospital in Delhi. In terms of total beds, it is the largest central government hospital in India, run by the Ministry of Health and Family Welfare. The hospital offers a range of medical services and is affiliated with Vardhman Mahavir Medical College. It is well known for providing beneficiaries with lower treatment costs and is backed by several programs, such as CGHS, ECHS, and others. In the heart of New Delhi, it is located on the Ring Road across from the All India Institute of Medical Sciences (AIIMS). Safdarjung Hospital in Delhi experienced a cyber-attack in November, which was reported in December 2022. The hospital’s server was down for a single day due to the attack. However, the data was secured, and the impact was not as severe as the cyber-attack on AIIMS Delhi. The hospital’s Outpatient Department (OPD) services, which are run manually, were not badly affected. The IT department and the National Informatics Centre (NIC) managed to revive the systems promptly. It was also noted that the cyber-attack was not a ransomware attack, and the hospital’s IP was blocked during the incident.


All India Institute of Medical Sciences (AIIMS), Delhi
The All India Institute of Medical Sciences (AIIMS) in Delhi was targeted by a cyber-attack on November 23, 2022. The attack, originating from China, infiltrated 5 physical servers out of 100. The data in the affected servers was successfully retrieved, but the e-hospital service, which manages patient data systems, went offline. The attack led to a rush at AIIMS, causing services to be operated manually. The incident underscored the need for robust cybersecurity measures for institutions handling sensitive data.
Regional Cancer Centre (RCC), Thiruvananthapuram
The Regional Cancer Centre (RCC) in Trivandrum was targeted by a cyber-attack that compromised its radiation treatment software and the servers storing health information of over 20 lakh patients. The attack occurred on 28-04-2024 and halted radiation treatment. The hackers claimed responsibility via an email from abroad and demanded a ransom in cryptocurrency worth billions of rupees. There is suspicion that the attack may have been carried out by Chinese and North Korean hackers. The Cyber Police and the Computer Emergency Response Team took emergency measures to reload the data, which was stored on magnetic tapes, and resume functionality.
Of course, hospital cyber-attacks have become a major global concern, and incidents targeting private hospitals in India are not exempt from this trend. A noteworthy instance involved the online sale of 1.5 lakh patients’ personal information from Tamil Nadu’s Sree Saran Medical Center following a cyberattack. The data breach was discovered by a cybersecurity firm and was traced back to a compromised third-party vendor, Three Cube IT Lab. Sensitive data, including names, dates of birth, residences, guardians’ identities, and medical information, were among the disclosed files.
Private hospitals in India often conceal cyber-attack details due to privacy concerns, reputation management, operational security, legal and regulatory implications, and negotiation with attackers. Disclosure could damage trust, expose vulnerabilities, and expose potential liabilities and penalties. Confidentiality is crucial for maintaining patient trust, preventing further attacks, and avoiding legal penalties.
These incidents highlight the vulnerability of healthcare institutions to cyber threats and the importance of robust cybersecurity measures to protect patient data. They also underscore the potential consequences of supply chain attacks, where attackers target less secure elements in the supply chain to gain access to larger organizations.
AIIMS stands alone as the sole hospital, among those affected, to have instituted the requisite security protocols to fend off future cyber onslaughts. They have adopted a comprehensive defense-in-depth strategy, reinforced by multiple layers of security measures. Furthermore, they have established a robust 3-2-1 backup strategy to ensure disaster recovery resilience. However, in the wake of the recent RCC cyber-attack, it remains to be seen how they will enhance their post-incident responses to prevent such breaches from recurring. Vigilance and continuous improvement in cybersecurity practices are imperative to safeguard against the ever-evolving threat landscape.