AIIMS Data breach, Safdarjang and Chennai patient records leaked – Are we still thinking about Cybersecurity?

A week earlier, one of India’s biggest healthcare and education institutions, the All-India Institute of Medical Sciences (AIIMS), was the victim of a massive ransomware data breach. AIIMS was established as an institution of national importance by an Act of Parliament with the objective of developing patterns of teaching in undergraduate and postgraduate medical education. While it’s unclear who is behind the attack, Delhi Police refuted various reports that claimed hackers were demanding a Rs. 200 crore crypto-ransom to loosen their grip. Furthermore, data breaches at two more hospitals, in Tamil Nadu and Safdarjung, have been exposed. The irony of these breaches is that there is no clear evidence yet, and cybersecurity is still being thought of as an option. This article highlights a few details of these attacks and the current state of how the breaches are being managed.


According to a PTI report, long queues rocked AIIMS as its online appointment system remained offline. The hospital had to deploy additional staff to help with the rush. All of the hospital’s services, including outpatient and in-patient departments and labs, continue to operate manually. Billing counters and diagnostic centres saw long queues as the server outage continued after a week.

Secondly, on Saturday, the Safdarjung Hospital in Delhi reported that a cyberattack occurred in November. The statement follows an alleged ransomware attack on the servers of the All India Institute of Medical Sciences on November 23, which disrupted several patient services. The damage at Safdarjung was not as severe as at AIIMS, as most of its records are yet to be digitized. Some of the computers weren’t accessible.

The third hospital is in the Chennai region: “As per the CloudSEK, the data was allegedly sourced from a compromised third-party vendor, Three Cube IT Lab, and includes patient data from 2007 to 2011.” As per the dark web reports, hackers made $400 by selling the personal information of 1.5 lakh Sree Saran Medical Center patients. According to the report, the hackers provided a sample as evidence so that potential buyers could examine the data’s authenticity. Patients’ names, birth dates, addresses, guardian names, and doctor information are included in the compromised data.

CloudSEK claims that its researchers were able to identify the healthcare company whose data was present in the sample by using the names of the doctors in the database. After that, they were able to determine that the doctors work at Sree Saran Medical Center in Tamil Nadu. According to CloudSEK, the company has now informed all stakeholders of the data breach.

With the rapid adoption of digitization across multiple industries like healthcare and manufacturing, having a cybersecurity framework and an incident response plan in place is an absolute necessity. Additionally, this goes to show how important it is to have a threat intelligence team, as it helps to a great extent in mapping the latest TTPs and getting useful analytics from dark web research. The more we delay, the more overwhelming the catastrophic impacts of such attacks will be for us to manage and mitigate. Such data breaches go to show that until you get hit, you will always think you are secure!


Published by The Art of Cyber-Space

I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of neuroscience and neurotechnology research from a security perspective. I love exploring various blog posts and sharing knowledge about the current threat landscape to instill more cybersecurity awareness.
