AIIMS's cyber attack involves data leaks & sales on Dark Web

New Delhi: The massive ransomware attack at the All India Institute of Medical Sciences (AIIMS) here involves large-scale leaks and scale of databases on the Dark Web. Authorities are still at the edge of getting the servers up and running after the attack happened earlier this week, IANS reported.

The leaked databases include Personally Identifiable Information (PII) of patients and healthcare workers as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.

The AI-driven cyber-security firm CloudSEK told IANS, "Government agencies involved in the healthcare industry should abide by HIPAA's (Health Insurance Portability and Accountability Act) compliance requirements, create awareness among users regarding cyber-attacks, online scams, and phishing campaigns, set up policies for secure passwords and enable multi-factor authentication (MFA)."

The cyber attack on AIIMS shut down its main and backup servers.

The cyber attack shut down AIIMS's main and backup servers. The e-hospital service, which manages the patient data system, affecting the outpatient department (OPD) and sample collection services, was targeted.

The attackers told AIIMS to prepare for negotiations while the incident is being investigated by the Delhi Police.

AIIMS informed us that all affected online patient services are now being run in manual mode.

CloudSEK said that there had been an uptick in massive cyberattacks on healthcare organisations since the pandemic outbreak.

The company said, "Our research shows that in the first four months of 2022, the number of cyberattacks on the industry rose by 95.34 per cent compared to the same period in 2021. The Indian healthcare sector was the second most targeted when it comes to cyberattacks worldwide."

Now, safeguarding patients' medical and financial information has become a challenge for healthcare organisations.