AIIMS Ransomware Attack
Date: 5 July 2023
AIIMS New Delhi, is one of the most premier, government-run healthcare organisations in the largest democracy in the world, India. The ransomware attack on AIIMS Delhi did not just have a massive impact on healthcare delivery in a country where a vast number of people depend tremendously on government-run hospitals. It also sent a louder warning message about cybersecurity concerns surrounding healthcare.
We have created an educational timeline that covers the cyber incident as it unfolded in a chronological order. In this timeline, we’ve categorised the data as: The Incident, Impact, suspected Threat Actors and Response.
As always, the idea with our Cyber Attack Timelines is not to turn the spotlight on the victim but to learn lessons from others' experiences.
Quick reading guide:
Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.
About the AIIMS Ransomware Attack
The All India Institute of Medical Sciences (AIIMS), Delhi was hit by a cyber-attack late last year which forced the medical institution to switch to a manual mode of operations. The ransomware attack, like many others, targeted the organisation's sensitive data, including patient records, research data, and administrative information.
The AIIMS cyber attack posed a major risk to patient confidentiality. But more significantly, it caused serious disruptions to the delivery of medical services. With critical systems affected, AIIMS faced challenges in providing timely healthcare services to patients, potentially compromising their well-being.
The attackers, in this case the LockBit ransomware gang, allegedly demanded approximately Rs 200 crore (which is about $24.5 million) in cryptocurrency from the All India Institute of Medical Sciences. It must be noted that the AIIMS server was down for six days in a row as a result of the attack.
Such disruptions highlight the kind of devastating impact that ransomware attacks on healthcare organisations can have.
The AIIMS incident garnered widespread media attention and raised alarm bells around global security practices. But more importantly, it was a wake-up call for several similarly sized government-run organisations in India and healthcare providers the world over. Because unlike in several other industries, ransomware attacks on healthcare don't just damage the public profile and the bottom line of the organisation. They directly impact human life itself - thereby highlighting how catastrophic this cybersecurity problem can really be for the world.
AIIMS Ransomware Attack Timeline
At Cyber Management Alliance, we are deeply committed to creating educational material for the community. The idea is to educate and keep business owners and Security Professionals well-informed on the new risks and threats that they face every day.
As part of the same endeavour, we have created this educational timeline capturing the events in the ransomware attack on AIIMS as they unfolded.
This timeline is based only on information that's available freely on the internet and in media reports. Our objective is to simply present this information in an easy-to-consume visual guide that can help cybersecurity practitioners and business owners to understand what happened and how.
You can read this comprehensive timeline here.
Lessons Learned from the AIIMS Attack
AIIMS is one of the most celebrated medical institutes in India and across the globe. The cutting-edge medical technology available and some of the most renowned medical specialists in the world are amongst the many reasons why people from all over India and other countries visit AIIMS for treatments. It is also a highly prestigious institute for medical research and study.
Our aim with these educational timelines, is never to vilify the victim. The idea, simply, is to demonstrate that even an institute the size of AIIMS, with tremendous global appeal and government resources could suffer such a serious impact due to a ransomware attack.
It does make you think how your business would weather a storm that a ransomware attack might throw its way.
This is why it’s imperative to take a hard look at your Ransomware Readiness and Ransomware Mitigation Plans. It's only natural to feel underprepared to deal with a ransomware attack, especially after understanding what went wrong at AIIMS. It may, therefore, be a good idea to hire cybersecurity specialists through cost-effective services such as the Virtual Cyber Assistant service.
The virtual cybersecurity experts can help you evaluate your cybersecurity posture and help you build defences against crippling ransomware attacks. They can also help you conduct Ransomware Tabletop exercises that can show you how well your management & Incident Response teams are equipped to handle a real attack.
As a starting point, you can use these FREE resources created by the cybersecurity experts at Cyber Management Alliance and start assessing where you stand in terms of ransomware prevention and protection:
Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.