In the last few months, global cyber security agencies noticed exfiltration and infiltration attempts from the networks of the National Knowledge Network, the critical high-speed network that is the backbone for linking all national centres of learning and research in the country. The attempts were thwarted, dangers mitigated and vigil stepped up. But, clearly, the sophisticated cyber criminals - part of organised global syndicates with links across the border - managed to pull down the network of the biggest healthcare and research centre - the All India Institute of Medical Sciences.
The worry isn’t just AIIMS and its patient database, which has leaked information on blood donors, vaccine records, ambulance services and administrative records. The bigger worry is the potential threat to the E-science infrastructure being built in the country, involving key institutions and research centres in medical care like AIIMS, which participate in knowledge and data sharing through the high-speed online network of the NKN. These efforts are part of a next-generation model of e-governance applications intended to provide remote delivery of healthcare services.
Is the healthcare sector ready for it? Cyber security experts are worried that the AIIMS ransomware attack has once again exposed the cracks in the cyber security preparedness of the country, especially at the National Informatics Centre, which is meant to protect the government’s digital infrastructure.
However, the worry isn’t limited to government-run institutions and systems: private hospitals, labs and imaging centres have all faced a spate of cyber attacks in the last two years, during the Covid crisis.
Healthcare institutions in India are now at the top of the chart of ransomware attacks, after power, oil and airlines, said a senior government official.
The last ransomware attack that caused worry for New Delhi was the Rs 120-crore ransomware attack on Oil India Limited’s computer systems in Dibrugarh district in Assam in April this year. It led to the shutdown of the PSU’s systems, causing an outage; finally, a ransom note was found on one of the computers infected by the malware. The government exchequer and the company incurred losses, but the incident also exposed the vulnerabilities that existed across sectors.
What also makes the AIIMS ransomware attack a curious case for investigators is that it is not a typical attack, where the machines get locked and the hospital cannot access its data until it pays the ransom. This time, the amount - close to Rs 200 crore - has been demanded, and the data might already have landed on the ransom forums that exist online, said a cyber security official.
Non-state cyber criminals are normally after money. But if a nation state or a state-sponsored threat actor is involved, then the attack, the leak and the amount are part of a larger strategy to cause damage to the network and the nation state, rather than greed for money. “In ransomware attacks carried out by non-state actors and cyber criminals, the demand is reasonable so that the victim is able to pay it,” said a security official.
Incidentally, the biggest ransomware attack on the US Colonial Pipeline in 2021 - the largest attack on critical infrastructure in the US to date - saw a demand of approximately Rs 120 crore. The probe later showed that a nation state was behind it. “This time, the amount seems to be even more than the Colonial Pipeline attack,” said an expert.
Payment of such a huge amount in cryptocurrency would also leave a digital footprint - as seen in the successful cracking of the Colonial Pipeline case by the US authorities, who traced the “state actors” within a week.
For now, the AIIMS cyber-attack remains a matter of investigation for the cyber czars, who must determine whether the ransom amount is a smokescreen by hackers who were more keen to send out a message.