Published: 24th November 2022
AIIMS Delhi cyber attack: Need for legal framework for data security, experts suggest
In a first-of-its-kind attack on a premier health institute in India, AIIMS Delhi's servers were down after a ransomware attack, causing chaos in the hospital
The ransomware attack on data at the All India Institute of Medical Sciences (AIIMS) Delhi has shed light on the prevalence of such attacks in India and the need for better data security. On Wednesday, November 23, AIIMS Delhi reported a failure in its server, which was down since 7 am, causing chaos in the hospital as officials were left to manually manage the OPD and sample collection. This was the first attack of its kind on a premium health institution in the country.
News agency ANI reported that according to the information given by AIIMS Delhi, "Today, the server for National Informatics Centre's Hospital being used at AIIMS, New Delhi, was down due to which outpatient and inpatient digital hospital services, including smart lab, billing, report generation, appointment system etc., have been affected. All these services are running on manual mode currently." The statement additionally stated, "AIIMS and NIC (National Informatics Centre) will take due precaution to prevent such attacks in future. As of 7:30 pm, the hospital services are running on manual mode." The officials also said that those who do not have a Unique Health Identification faced problems, along with the administration which struggled with the admission and discharge of patients," the statement stated.
So what does this say about cybersecurity in India? According to ANI, cyber expert Pavan Duggal highlighted the need for a new legal framework and said that companies and organisations across the country face a ransomware attack every 11 seconds. "AIIMS has sensitive medical data. Tons and tons of medical data can be attacked, a copy of it can be made and then it could have been encrypted using the ransomware attack. As a result of this, the entire digital services of AIIMS Delhi have been stopped and only manual services are going up," Duggal told ANI.
Calling for new approaches and measures at the central level he added, "We need to strengthen governmental systems and data by citizens because otherwise, it will snatch away not only the sovereignty but also the right to privacy. It's time that we inculcate cyber security as a way of life. India needs to make a dedicated new legal framework and a dedicated law on cyber security."
Officials from AIIMS Delhi said that the institute is taking measures to restore the digital services and is seeking support from Indian Computer Emergency Response Team (CERT-In) and National Informatics Centre