The second cyber attack on AIIMS took place just last fortnight, but the hospital's cyber security systems were able to successfully thwart this attempt.

IMAGE: The All India Institute of Medical Sciences (AIIMS) in New Delhi. Photograph: PTI Photo

After facing two cyber attacks in the last eight months, the All India Institute of Medical Sciences (AIIMS) in New Delhi is expediting a 'complete revamp' of its IT infrastructure with special emphasis on "improving legacy network and security operations centre", according to official documents reviewed by Business Standard.

Asked for information about the 'complete revamp' the institute is planning, an AIIMS spokesperson said the "details are still under finalisation".

AIIMS has been using a dashboard, developed in-house, to show real-time information about the availability of emergency beds.

'After the recent (November 23, 2022) cyber incident, NIC (the National Informatics Centre) has been requested to develop the dashboard in eHospital,' the documents noted.

The eHospital portal is an online registration and hospital management system being used by 1,138 hospitals, including AIIMS in New Delhi.

The first cyber attack on AIIMS took place on November 23 last year when files on the NIC's eHospital were found to be encrypted.

A message was found on the server suggesting that it was a 'ransomware attack'. This incident affected the hospital's operations for two weeks.

The second cyber attack on AIIMS took place just last fortnight, but the hospital's cyber security systems were able to successfully thwart this attempt.

'The eHospital services remain to be fully secure and are functioning normally,' AIIMS had stated on June 6.

As per official documents, the November 23 incident was the first time that AIIMS came under a cyber attack.

'Such a cyber security incident happened at AIIMS, New Delhi, for the first time. The older network was unmanaged and its upgradation was already being worked upon. Old computers (were) not getting operating system updates and are now getting replaced,' they mentioned.

'After taking the immediate measures, cyber security is being further strengthened in coordination with the agencies concerned.

'A complete revamp of the IT infrastructure, which is in the pipeline, is being expedited with emphasis on improving legacy network and security operations centre,' the documents noted.

Copies of the data are now protected on different servers for the continuity of business activity.

'This was done by putting in place enhanced security features which could be implemented immediately like endpoint hardening, strong firewall policies and network segmentation, etc, with the help of CERT-In (Indian Computer Emergency Response Team) and other agencies,' the documents stated.

When the first cyber incident took place at 7 am on November 23, the systems were immediately disconnected and put offline to prevent further spread of the infection.

'The CERT-In was informed about this cyber incident and an FIR dated November 24, 2023, was registered with the special cell of the Delhi police. Six infected physical servers were seized by the Delhi police's special cell for their investigation,' the documents said.

All the data for eHospital, they noted, was retrieved from a backup server which was unaffected and restored on new servers.

'Most functions of the eHospital application like patient registration, appointment, admission, registration, etc were restored after two weeks of the incident,' the documents added.

In this interim two-week period, the hospital services were provided in offline/manual mode.

Feature Presentation: Ashish Narsale/Rediff.com