Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cyberattack on Top Indian Hospital Highlights Security Risk

The leading hospital in India’s capital limped back to normalcy on Wednesday after a cyberattack crippled its operations for nearly two weeks.

The leading hospital in India’s capital limped back to normalcy on Wednesday after a cyberattack crippled its operations for nearly two weeks.

Online registration of patients resumed Tuesday after the hospital was able to access its server and recover lost data. The hospital worked with federal authorities to restore the system and strengthen its defenses.

It’s unclear who conducted the Nov. 23 attack on the All India Institute of Medical Sciences or where it originated. Hospital authorities didn’t respond to requests for comment.

The attack was followed by a series of failed attempts to hack India’s top medical research organization, the Indian Council of Medical Research. This raised further concerns about the vulnerability of India’s health system to attacks at a time when the government is pushing hospitals to digitize their records.

More than 173,000 hospitals have registered with a federal program to digitize health records since its launch in September 2021. The program assigns patients numbers that are linked to medical information stored by hospitals on their own servers or in cloud-based storage. Experts fear that hospitals may not have the expertise to ensure digital security.

“Digitizing an entire health care system without really safeguarding it can pretty much kill an entire hospital. It suddenly stops functioning,” said Srinivas Kodali, a researcher with the Free Software Movement of India.

That is what happened to the hospital in New Delhi. Healthcare workers couldn’t access patient reports because the servers that store laboratory data and patient records had been hacked and corrupted.

The hospital normally treats thousands of people a day, many of whom travel from distant places to access affordable care. Always crowded, queues at the hospital grew even longer and more chaotic.

Advertisement. Scroll to continue reading.

“The entire system isn’t working because of the hack,” said Deep Ranjan, who came to New Delhi from northeastern Assam state. He said he had spent five days waiting in line and still has not seen a doctor.

Sandeep Kumar, who accompanied his ill father, said the digital attack meant that appointments couldn’t be booked online, and that doctors could do little when they saw patients because they couldn’t access their medical history.

“We are digitizing (everything), but then there is an attack on the country’s most important medical institute,” he said.

On Nov. 30, there were repeated but ultimately unsuccessful attempts to breach the website of the Indian Council of Medical Research, the Press Trust of India news agency reported.

The attack on the hospital raised “serious questions about the cybersecurity of the country,” said K.C. Venugopal, a member of Parliament from the main opposition Congress party.

India drafted a proposed law governing data privacy last month, but critics say it offers few safeguards to people. It has not yet been passed by Parliament.

Read: Whistleblower: China, India Had Agents Working for Twitter

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.