Independent , Honest and Dignified Journalism

Data Security Crisis in Indian Healthcare: From AIIMS to ICMR, Unraveling the Ongoing Saga of Cyber Attacks

Dark Web Shadows Over Indian Healthcare: Unraveling the Unsettling Trail of Data Breaches from AIIMS to ICMR

13-11-2023 : The specter of data breaches looms large over the healthcare infrastructure of India, from the debilitating ransomware assault on the All India Institute of Medical Science (AIIMS) that crippled essential services to the recent Indian Council of Medical Research (ICMR) data leak allegedly exposing the personal details of a staggering 81.5 crore Indians. In a perpetual game of cat and mouse, hackers seem to outpace cybersecurity agencies, leaving institutions vulnerable and the personal information of millions at risk.

The AIIMS-Delhi grappled with a massive cyber attack in November, suspected to have Chinese involvement. Subsequently, another eminent medical institution in the national capital, Safdarjung Hospital, fell prey to a data breach in December. Although the impact on Safdarjung Hospital was less severe, with a significant portion of its operations relying on manual processes, the incident underscored the pervasive threat to healthcare data security.

Months after the AIIMS-Delhi breach, questions lingered about the fate of encrypted patient data that may have been exfiltrated. Sensitive information of 40 million patients, including political leaders and VIPs, was potentially compromised. While the government assured that services were restored and patient data repopulated, concerns persist about the potential migration of compromised data to the dark web.

The cyber attack on AIIMS-Delhi was scrutinized by the Indian Computer Emergency Response Team (CERT-In), attributing it to improper network segmentation. Union Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, identified the threat actors as unknown, emphasizing the need for specific legal provisions to combat ransomware. Pavan Duggal, Founder and Chairman of the International Commission on Cyber Security Law, highlighted the global challenge posed by cybercriminal activities, with India being a significant target.

In the recent ICMR data breach, where personal data of 81.5 crore Indians allegedly surfaced on the dark web, the government acknowledged evidence of leakage, initiating an ongoing investigation. The Central Bureau of Investigation (CBI) is anticipated to step in once a formal complaint is filed by ICMR. This incident adds to a string of cybersecurity breaches in the healthcare sector, including the compromise of over 3.2 lakh patient records from the Ministry of AYUSH in Jharkhand, underscoring the urgency for comprehensive cybersecurity measures in safeguarding sensitive medical data.