New Delhi, Nov 12: From a significant ransomware attack on the All India Institute of Medical Science (AIIMS) that paralyzed its centralized records and other hospital services last year to the recent Indian Council of Medical Research (ICMR) data leak, exposing the personal information of at least 81.5 crore Indians, cyber threats persistently outpace cybersecurity measures.
Following the suspected Chinese involvement in the hacking attack on AIIMS-Delhi in November last year, another prominent hospital in the national capital, Safdarjung Hospital, faced a data breach in December.
While the Safdarjung Hospital breach was less severe than AIIMS-Delhi’s, with a major part of the hospital operating manually, specific sections of the hospital server were affected. The server was down for a day but was subsequently rectified.
Months after the AIIMS-Delhi cyber attack, questions remained unanswered about the encrypted patient data that may have been exfiltrated. Sensitive data of 40 million patients, including political leaders and VIPs, was potentially compromised. The government insisted that services were restored, and patient data repopulated, but concerns lingered about the fate of the compromised data.
The Indian Computer Emergency Response Team (CERT-In) attributed the attack to improper network segmentation, and Union Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, noted it was carried out by unknown threat actors.
Pavan Duggal, Founder and Chairman of the International Commission on Cyber Security Law, emphasized the need for specific legal provisions to combat ransomware, citing examples from the United States.
The recent ICMR breach, allegedly exposing the personal data of 81.5 crore Indians on the dark web, prompted government acknowledgment of evidence of leakage, with an ongoing investigation asserting that the data was not stolen.
In September, cybersecurity researchers discovered a breach in the official website of the Ministry of AYUSH in Jharkhand, exposing over 3.2 lakh patient records on the dark web. The compromised data included patient records, PII, medical diagnoses, and sensitive information about doctors. The breach, attributed to a threat actor named “Tanaka,” raised concerns about the vulnerability of healthcare data in India.
(With inputs from IANS)