New Delhi: A day after India's premier hospital All India Institute of Medical Sciences - Delhi (AIIMS’s) web portal’s server went down on Wednesday, November 23, 2022, due to an alleged ransomware attack, the medical institution issued fresh guidelines for manual admission as the server continues to be down. Cyber expert, Pavan Duggal, also highlighted the need for a new legal framework and said that companies and organizations across the country face a ransomware attack every 11 seconds.
"AIIMS has sensitive medical data. Tons and tons of medical data can be attacked, a copy of it can be made and then it could have been encrypted using the ransomware attack. As a result of this, the entire digital services of AIIMS Delhi have been stopped and only manual services are going up," Duggal said.
Reportedly, the outpatient and inpatient digital hospital services, including smart lab, billing, report generation and appointment system, among others had been affected due to the cyber attack. However, according to fresh Standard Operating Procedures (SOP), the admission, discharge and transfer of patients will be done manually till the server gets restored.
Under the fresh SOPs, the hospital has said that in case of no Unique Health Identification(UHID), the contact number should be considered as the patients identification number. "Admission, discharge and transfer are to be done manually at AIIMS, New Delhi. Indent to be done manually," the hospital said. It further said that the death or birth certificates are to be made manually on forms as per instruction from the working committee.
"Only urgent samples to be sent and that too with filled forms. Only urgent investigations are to be sent with forms as per instruction from the working committee," the hospital said.
Meanwhile, the Cyber expert, Pavan Duggal, also claimed that organizations across the country have been facing such attacks very frequently.
"This kind of attack is a first on a premium health institution but ransomware attacks are not uncommon because every 11 seconds a company becomes a victim of such attacks," he added.
Calling for new approaches and measures at the central level he added, "We need to strengthen governmental system and data by citizens because otherwise, it will snatch away not only the sovereignty but also the right to privacy. It`s time that we inculcate cyber security as a way of life. India needs to make a dedicated new legal framework and a dedicated law on cyber security."
His remarks came after All India Institute of Medical Sciences (AIIMS) on Wednesday said that it is taking measures to restore the digital services and is seeking support from Indian Computer Emergency Response Team (CERT-In) and National Informatics Centre (NIC).Earlier on Wednesday, AIIMS reported a failure in its server.
The server has been down since 7 AM on Thursday, and the officials have been manually managing the OPD and sample collection.
(With agency inputs)