Hackers demand Rs 200 Crores in Cryptocurrency to restore this Indian institution’s Server

The data of about 3–4 crore patients is believed to have been compromised in the breach discovered Wednesday morning, and the server has now been down for six days.


  • As the hackers demand Rs 200 crores in cryptocurrencies, the All India Institute of Medical Sciences (AIIMS) in Delhi has been the target of cyberattacks for the sixth day.
  • 3–4 crore patients, previous prime ministers, VIPs, and their official credentials have been compromised.
  • AIIMS is operating manually after the outage exposed 40 million patients to cybercrime, and handling patient data without health IDs and managing patient admissions and discharges remain challenging.
  • The perpetrators held VIPs' medical data, blood donor records, ambulance records, immunization records, patient profiles, caregiver login information, and other personally identifiable information (PII) hostage.

The All India Institute of Medical Sciences (AIIMS) Delhi (1) server was down for the sixth day. Government sources claimed on Monday that hackers had allegedly demanded an estimated Rs 200 crore in cryptocurrencies from the institute (2).

Since the server is down, patient care services in the emergency, outpatient, inpatient, and laboratory wings are being managed manually. The data of approximately 3–4 crore patients may have been compromised due to the hack discovered Wednesday morning.

The ransomware attack, which is a case of cyberterrorism and extortion reported by the Delhi Police's Intelligence Fusion and Strategic Operations (IFSO) unit on November 25 (3), is currently being investigated by the Indian Computer Emergency Response Team (CERT-IN) (4), the Delhi Police, and representatives of the Ministry of Home Affairs (5).

On the advice of the investigating agencies, internet access has reportedly been disabled on hospital computers.

Additionally, the AIIMS server reportedly contains data on several VIPs, including judges, former ministers, bureaucrats, and members of parliament.

One of the sources told PTI that hackers had allegedly sought almost Rs 200 crore in cryptocurrency. In the meantime, the NIC e-hospital database (6) and application servers have been restored.

According to an official source, the NIC team is scanning and disinfecting other AIIMS-based e-hospital servers necessary to provide hospital services. Four physical servers, already scanned and prepared for databases and applications, have also been set up to restore e-hospital services.

Antivirus software has been arranged for servers and computers and installed on roughly 1,200 of the 5,000 computers in the AIIMS network, which is currently being sanitized. According to the source, twenty out of fifty servers have already been examined. This work is ongoing around the clock.

E-hospital services can be introduced gradually while the network is still being fully cleaned up, which should take another five days. Emergency, outpatient, inpatient, laboratory, and other patient care services are still provided manually, the source said (PTI).

AIIMS Delhi now turns Manual

The servers for its e-hospital system went down, exposing over 40 million patients to cybercrime and impacting digital hospital services, including smart lab, invoicing, report creation, and the appointment system. The AIIMS institute currently oversees 2,500 beds (7).

Even though AIIMS Delhi has switched to manual operations, it still finds it difficult to care for patients without unique health IDs and to manage patient admissions and discharges. The Intelligence Bureau, the Central Bureau of Investigation, the Ministry of Home Affairs, and the National Investigation Agency are assisting in the probe.

The next day, AIIMS released a new set of SOPs stating that patient admission, discharge, and transfer will be handled manually until the e-hospital system is operational. In the meantime, the Delhi Police has reported the attack's perpetrators for computer-related fraud, extortion, and cyberterrorism.

Additionally, the hospital said over the weekend that more staff had been deployed to help manage diagnostics, labs, and OPD services while the e-hospital system is still down as a safety precaution and that internet services at AIIMS have been blocked as a result.

Since the incident, AIIMS Delhi has seen 12,000 patients every day, and as of Monday, it was still operating in manual mode as efforts were made to restore data and clean IT systems. These efforts are said to take some time because of the amount of data and servers they are working with.

While the Delhi Police have refuted claims of an alleged ransom demand in cryptocurrency from hackers, the initial probe into the cyber hack points to the involvement of international entities. A news source indicated that the cyberattack may have exposed the hospital records of up to 40 million patients.

PII of patients and healthcare professionals, records of blood donors, ambulances, vaccinations, and caretakers, and employee login passwords may all have been present in the exploited AIIMS database. This significant cyberattack occurs just as the pioneer AIIMS institute is getting ready to fully integrate the e-hospital system as part of its move to a paperless hospital next year.

The e-hospital platform, created by the NIC, is an HMIS hosted on the MeghRaj national cloud system. It allows for digitizing internal workflows and processes and acts as a hub for patients, hospitals, and physicians.

AIIMS Delhi is now installing a smart card payment facility at its counters to go completely digital for payments starting in April next year.

Is Data the Digital Oil?

The perpetrators held around four crore patient profiles at ransom, including private information and VIPs' medical records, administrative records on blood donors, ambulances, vaccinations, caregivers, and employee login information. These patient profiles also contained personally identifiable information (PII) about patients and healthcare workers (8).

Multiple agencies working on the attack have not been able to fully solve the case due to the attack's scope and threat. The attack, thought to have been significant, comes less than a month after AIIMS declared that it would stop using paper as of January 1, 2023 and that it would be entirely digital by April 2023.

AIIMS is not a stand-alone case

According to cyber threat watchdog CloudSEK, the Indian healthcare sector is the second most targeted globally by cybercriminals. Another study by the company showed that health organizations experienced a significant increase in cyberattacks during the pandemic (9).

In comparison to the same period in 2021, there were 95.34 percent more cyberattacks in the sector in the first four months of 2022. A software security company called Indusface claims that its clientele in the global healthcare industry has been the target of more than 1 million cyberattacks of various kinds, of which 278,000 were reported in India alone (10).


Siddhesh Surve

An Enthusiastic Learner! With his roots in Navi Mumbai and a Journalism Background, he aims to connect with readers and share facts about his hobby, "tech in India," and its advancing inventions.