Server facilities at the main building of the All India Institute of Medical Sciences (AIIMS) were partially restored on Tuesday, two weeks after the cyber attack. Official sources said on Tuesday that online registration of new patients coming to the OPD has resumed, while the online appointment system is still not functional and laboratory services are running in manual mode.
He said that the server of the major hospital here is essentially down for most of the day.
Agencies like CERT, BEL, DRDO are working to recover the server
“Outpatient department (OPD) registration and admission processes were brought online in the e-hospital system yesterday (Monday). Work on integration of smart labs for samples collected from all wards and collection areas for automated analysis and reporting Additionally, agencies CERT, BEL, DRDO are helping in the rollout, said an official source.
According to sources, the All India Institute of Medical Sciences, Delhi reportedly faced a cyber attack on November 23 which brought down its servers.
A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.
Sources said internet services were suspended as per the recommendations of the probe agencies.
CERT-In, Delhi Cyber Crime Special Cell, Indian Cyber Crime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation, National Investigation Agency etc. are probing the incident.
AIIMS officials said last week that the data of the e-hospital has been restored on the server.
The network is being sanitized before the services are restored, he said.
Due to the amount of data and the large number of servers and computers, the process was taking some time.
AIIMS had said that measures are being taken for cyber security.
Giving details of the entire incident, official sources said that the National Informatics Center (NIC) e-Hospital at AIIMS uses 24 servers for various hospital modules and four of these servers- the primary and secondary database servers of the e-Hospital, Servers of the primary application and primary database — Laboratory Information System (LIS) — were infected with ransomware.
The ransomware was later found in the ElasticSearch virtual server as well. He added that all the infected servers had been isolated. E-hospital and LIS database were backed up on external hard drive and scanned.
Four new physical servers including two from outside agencies were arranged to restore the e-Hospital applications.
These applications (eHospital and LIS) and databases were restored on these four new servers which have been scanned and data can be accessed. Official sources said these servers are in the computer facility and are in a separate network.
These four servers are configured with checkpoint and firewall. The other four servers were scanned for NIC applications. Viruses were found in two of these servers.
Three new servers were procured through NICSI. NIC has installed eight servers in virtualized environment and installed a sub-replica 2 at Center for Dental Education & Research (CDER), AIIMS, from where earlier e-Hospital backup was restored. Received two more servers today from NICSI. Sources said that as per the instructions of the Delhi Police, the servers affected by the ransomware have been physically removed from the server room.
Read also: Hackers attack ICMR website around 6000 times a day after AIIMS: Officials