Source malware yet to be traced

AIIMS unprecedented data breach sparks fears hackers could misuse information

Technicians have managed to restore some of the systems, including the e-data; but phased restoration of online services likely from December 6

Paran Balakrishnan Published 02.12.22, 03:08 PM
Representational image. Shutterstock

The serpentine queues that once started at 6 am outside the All India Institute of Medical Sciences (AIIMS) are now forming well before dawn. The hospital’s computer systems have been down for 10 days and all patients have to be registered in the old-fashioned way, using pen and paper. “We are seeing huge lines outside OPDs and in every department,” says a senior doctor, adding: “The logistics of working without the server are bad.”

AIIMS servers went down after a suspected malware attack, detected on November 23, making patient data, registration systems and even the Internet inaccessible. Whoever has breached the systems now has access to the records of anywhere between 30 million and 40 million patients. And that includes medical histories and sensitive information about patients’ Aadhaar and PAN cards. This, in turn, could mean that the bank details of many patients are now compromised.


This week, technicians managed to restore some of the systems – including the e-data – but the network is being “sanitised” so that services can be restored, AIIMS said. The sanitisation “process is taking some time due to the volume of data and the large number of servers/computers for the hospital services,” the hospital said.

The people whose data has been exposed could include many of the country’s top political figures for whom AIIMS is often a first stop if they fall sick. RJD chief Laloo Prasad Yadav spent a long stretch there recently. At another level, patient confidentiality could also take a hit. Says a doctor: “Confidentiality is another aspect. Some patients may have cancer which they don’t want to reveal to their employer.”

A cluster of government investigative and tech agencies have descended on the hospital, led by organisations like the Indian Computer Emergency Response Team (CERT-In), which deals with cybersecurity threats, and the Delhi Police Intelligence Fusion and Strategic Operations (IFSO).

The National Informatics Centre, which runs the hospital’s tech systems, is struggling to return to normalcy. Authorities now say online services will return to operation in a “phased manner” from December 6. AIIMS said new “measures are being taken for cyber security.”

The source of hacking yet to be traced

In the wake of the computers being disabled, there have been rumours that hackers have brought the systems down and that they demanded Rs 200 crore in cryptocurrency as payment, allegations that have been denied by police. The National Investigation Agency, along with other investigators, is working on the case, but police said Thursday that the source of the hacking has not been detected.

Don’t forget that AIIMS is no ordinary hospital. It gets anywhere between 10,000 and 15,000 patients daily and they come pouring in from all over north India – mainly Uttar Pradesh and Bihar. The computer breakdown hasn’t made the slightest difference to patient numbers and it was never likely to. Says a doctor: “Rain, storm, nuclear apocalypse. That number never goes down. People keep coming to us.”

The computer breakdown has meant a return to the pre-electronic age. AIIMS held exams recently for faculty positions and the results came out on Tuesday. But instead of looking online, prospective candidates had to check on the hospital noticeboard. “For the first time in maybe the last 15 years, the results were pasted like they used to be in the good old days, and everyone was trying to search for their name,” says a doctor.

Fixing appointments trickier

At a graver level, blood and other such lab tests are now seriously delayed because of the need to operate manually. Fixing appointments has become trickier. Patients normally go online for an appointment and are given a unique ID number. The hospital’s attempting to get around this in the current situation by using patients’ mobile numbers as their unique ID.

However, this could result in many problems in future. Doctors say that many patients come from Uttar Pradesh and Bihar and buy a new SIM before they come to the hospital. But after they get home, they often throw away the SIM. Even before the hacking, there would be problems with follow-ups. Says a doctor: “They come to us, they get treated, they go back. Then, when you try to follow them up, you lose about 30 per cent-40 per cent of them.”

One doctor outlines how patients from out of town come to Delhi, and keep getting treated till they run out of money. Many then camp on the road outside the hospital, without even enough money to eat.

Hospitals target of hackers

Hospitals have been prime targets for hackers. In Singapore, hackers stole the personal data of around 1.5 million patients. The hackers are thought to have repeatedly sought to get the patient data of the city state’s Prime Minister Lee Hsien Loong. Similarly, the UK National Health Service was attacked in 2017.

AIIMS gets the ability to treat huge daily numbers from its massive budget. It gets more than Rs 4,000 crore from the Central Government annually. This means, incidentally, that doctors can get the state-of-the-art equipment they need – though they obviously have to contend with plenty of red tape along the way.

Doctors at the hospital have another short-term worry for themselves. Their salaries are due and with the hospital’s systems down they’re worried that their pay cheques may not come in time. But that could be a relatively minor glitch in the grander scheme of things.
