New Delhi, Nov 12 (IANS) From a massive ransomware attack on the All India Institute of Medical Science (AIIMS) that crippled its centralised records and other hospital services last year to the latest Indian Council of Medical Research (ICMR) data leak that allegedly exposed the personal information of at least 81.5 crore Indians, hackers have always been one step ahead of cybersecurity agencies.
After AIIMS-Delhi became the victim of a hacking attack where Chinese involvement was suspected in November last year, another top hospital in the national capital, the Safdarjung Hospital, was also hit by a data breach in December.
However, the hacking attack on Safdarjung Hospital was not as severe as the one AIIMS-Delhi faced and the chances of data leak were less as a major part of the hospital work ran on manual mode.
According to Safdarjung Hospital officials, the attack was not of a higher degree, but some sections of the hospital server were impacted. The hospital server was down for one day and was later rectified.
However, months after the cyber attack at AIIMS-Delhi, the government was yet to come up with a satisfactory answer about what happened to the patient data that was encrypted and may have been exfiltrated by the hackers.
Sensitive data of 40 million patients, including political leaders and other VIPs, was potentially compromised in the hacking.
As per sources, the AIIMS server was hacked by the Chinese. The government maintained that the services were restored and the patient data has been repopulated into the system, but the most important question is what happened to the compromised data? Did it make its way to the dark web?
The attack was analysed by the Indian Computer Emergency Response Team (CERT-In) and was found to have been caused by improper network segmentation.
According to Union Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, the attack was carried out by unknown threat actors.
"It is time to come up with specific legal provisions to deal with ransomware. In America, they have actually now made it an offence when somebody pays a ransom, because it is said to be aiding the cyber criminal," according to Pavan Duggal, the Founder and Chairman of the International Commission on Cyber Security Law.
"Across the world, countries are roughly in a similar kind of position that India is, except that the challenges for India are far too huge. Most of the cyber criminal activities are being targeted on Indians," he added.
In the latest ICMR breach that allegedly put the personal data of 81.5 crore Indians on sale on the dark web, the government said there is “evidence of leakage and investigation is going on, but the data was not stolen".
Given the grave nature of the incident, the Central Bureau of Investigation (CBI) was likely to probe the matter once ICMR files a complaint.
In September, cybersecurity researchers found that the official website of the Ministry of AYUSH in Jharkhand had been breached, exposing over 3.2 lakh patient records on the dark web.
According to the cybersecurity company CloudSEK, the website's database, amounting to 7.3 MB, holds patient records that include PII and medical diagnoses. The compromised data also contains sensitive information about doctors, including their PII, login credentials, usernames, passwords, and phone numbers.
The data breach was initiated by a threat actor named "Tanaka".