AIIMS Cyberattack
26-08-2023
11:35 AM
Why in news?
- Recently, India’s top public health institute, the All India Institute of Medical Sciences (AIIMS), Delhi, came under a heavy ransomware attack that crippled routine health services and affected thousands of patients.
- The cyberattack came within a month of AIIMS announcing that it would go paperless from January 1, 2023, and be fully digitized by April 2023.
What is a Cyberattack?
A cyberattack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
What is the motive of a Cyberattack?
A cyberattack aims to disable, disrupt, destroy or control computer systems, or to alter, block, delete, manipulate or steal the data held within these systems.
What is a ransomware attack?
Ransomware is a type of malicious software that encrypts the victim’s files, blocks access to a computer system and requires users to pay a ransom to decrypt the files. Examples: WannaCry, Petya, etc.
- It is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization.
- Unlike other cyberattacks, in this form of attack, the user is notified of the attack.
More about the AIIMS cyberattack
- Halting access: The organization's critical data is encrypted so that it cannot access files, databases, or applications stored on the main and backup servers of the hospital.
- Ransom demand: The attackers have made an undisclosed demand, to be paid in cryptocurrency, in exchange for a key that would decrypt the data.
- Multi-agency investigation: The extent and threat of the attack are such that multiple agencies, including the Delhi Police, the Centre’s Computer Emergency Response Team (CERT-In), the Ministry of Home Affairs, and even the National Investigation Agency, have joined the probe.
- Contingency plan: Meanwhile, AIIMS Delhi has decided to get four new servers from the Defence Research and Development Organization (DRDO), to be used on an immediate basis to provide the e-hospital facility for patients.
What are the ramifications of the AIIMS cyberattack?
- Compromised data of nearly 4 crore patients: This includes sensitive data and medical records of VIPs, including former prime ministers, ministers, bureaucrats and judges, that may be sold on the dark web by the hackers.
- Cyber-terrorism threat: The Delhi Police has listed the attack under Section 66 (F) of the Information Technology Amendment Act 2008 identifying it as a case of cyber terrorism. This indicates a much larger ambit than a typical ransomware case.
Vulnerability of India’s healthcare sector to cyberattacks
- The cyber threat watchdog CloudSEK has reported that the Indian healthcare sector was the second most targeted by cybercriminals worldwide.
- Its research also showed health organizations witnessed a massive spike in cyberattacks during the pandemic. For example, in the first four months of 2022, the number of cyberattacks on the sector rose by 95.34% compared to the same period in 2021.
- According to Indusface, a software security company, there were more than 1 million cyberattacks of various types across its global healthcare clientele. Of these, 278,000 attacks were reported in India alone.
- As per Google, India witnessed 18 million cyberattacks and 2 lakh threats per day in the first quarter of 2022.
What are the reasons for increased cyberattacks on healthcare infrastructure?
- Increased dependency on digital systems after Covid: The hackers and criminal syndicates realized the heavy dependence of medical institutes on digital systems to optimally manage medical functioning as well as store and handle large volumes of patient data.
- Health and medical sector not defined as critical information (CI) infrastructure: In India, health is not specified directly as a CI, while most countries have declared it so.
- The National Critical Information Infrastructure Protection Centre (NCIIPC) has identified Power & Energy; Banking, Financial Services & Insurance; Telecom; Transport; Government; Strategic & Public Enterprises as Critical Sectors.
What are the safeguards against cyberattack in India?
- Information Technology Act, 2000 (Amended in 2008): It is the main law for dealing with cybercrime and digital commerce in India.
- National Critical Information Infrastructure Protection Centre (NCIIPC): It was created under Section 70A of IT Act 2000 to protect the nation’s critical information infrastructure.
- CERT-In (Computer Emergency Response Team): It is the national nodal agency for cyber security and has been operational since 2004.
- National Cyber Security Policy, 2013: The policy provides the vision and strategic direction to protect the national cyberspace.
- Cyber Swachhta Kendra: It helps users to analyse their systems and keep them free of various viruses, bots/malware, Trojans etc.
- Cyber Surakshit Bharat: It was launched in 2018 to spread awareness about cybercrime and build capacity for safety measures among Chief Information Security Officers and frontline IT staff across all government departments.
What are the measures to minimize cyber threats?
- Make threat analysis a norm: A vulnerability report should be generated, followed by an audit that highlights the loopholes in the organisation's cyberattack preparedness.
- Timely safety audit: A review of the software should also be conducted annually or whenever the software is changed/updated, whichever is earlier.
- Capacity building: Capacity enhancement for the NCIIPC and CERT-In needs to be undertaken in areas like AI/ML, Blockchain, IoT, Cloud and Automation to address the emerging sophisticated nature of threats and attacks.
- Sectoral CERTs also have to be set up for many areas including health.
- Follow ‘3-2-1 backup’ approach: Healthcare entities must save 3 copies of each type of data in 2 different formats, including 1 offline. This is an industry best practice to make healthcare institutes cyber secure.
- National cyber security strategy: The strategy will be a guiding document to monitor the cyber readiness of institutes and also enhance capacity on many fronts including forensics, accurate attribution and cooperation etc.
- Enhanced budgetary allocation: A minimum allocation of 0.25% of the annual budget, which can be raised up to 1%, should be set aside for cyber security, as recommended by the National Cyber Security Strategy.
- Declaring strategic enterprise: An organisation like AIIMS New Delhi could be counted as a “strategic and public enterprise” as it deals with crores of patients, including the top leadership of the country.
- Crisis Management: For adequate preparation to handle a crisis, cybersecurity drills can be undertaken which include real-life scenarios with their ramifications.
- Safety protocols: A National Gold Standard should be created, which ensures that Indian hardware and software companies adhere to the highest safety protocols.
- Cyber Diplomacy: To counter cyberattacks, the cyber security preparedness of key regional blocs like BIMSTEC and the Shanghai Cooperation Organization (SCO) must be ensured via programs, exchanges and industrial support.
- Awareness generation: The general public needs to be made aware of what value their personal data holds or what vulnerabilities it could generate if accessed illegally.
Q1) What are the 5 types of cyber security?
Cybersecurity can be categorized into five distinct types: critical infrastructure security, application security, network security, cloud security, and Internet of Things (IoT) security.
Q2) What causes a ransomware attack?
Leading causes of ransomware attacks include spam/phishing emails, poor user practices, lack of cyber security training, weak passwords, lost/stolen user credentials, malicious websites etc.
Source: The AIIMS cyber-attack is a wake-up call for national security