New Delhi: Months after a massive cyber attack at the All India Institute of Medical Sciences (AIIMS) in Delhi, the government is yet to come up with a satisfactory answer as to what happened to the patient data that was encrypted and may have been exfiltrated by the hackers.
Sensitive data of 40 million patients, including political leaders and other VIPs, were potentially compromised in the hacking.
As per sources, the AIIMS server was hacked by the Chinese. The government has maintained that the services were restored and the patient data have been repopulated into the system, but the most important question is what happened to the compromised data? Did they make their way to the dark web?
Could non-state people have accessed it?
The attack was analysed by the Indian Computer Emergency Response Team (CERT-In) and was found to have been caused by improper network segmentation.
According to Union Minister for State for Electronics and Information Technology, Rajeev Chandrasekhar, the attack was carried out by unknown threat actors.
In a written reply to the Parliament, the minister said that CERT-In and other stakeholders have advised necessary remedial measures to prevent such incidents from happening again in the future.
The number of cyber security incidents in India has been on the rise, with 4.5 million cases being reported and tracked in the last five years, Chandrasekhar said in his reply.
This highlights the need for organisations to have robust cyber security measures in place to protect their sensitive information.
Speaking to news agency IANS, Pavan Duggal, the Founder and Chairman of International Commission on Cyber Security Law, said that the time has come to wake up post the AIIMS ransomware attack.
“It is time to come up with specific legal provisions to deal with ransomware. In America, they have actually now made it an offence when somebody pays a ransom, because it is said to be aiding the cyber criminal,” said Duggal.
“Whenever a cyber crime takes place, often it’s accompanied by a cyber security breach. So that means we cannot now look at them as distinctive silos, but as overlapping fields. And, therefore, legal frameworks are required and sensitising people about these newly-emerging avatars and manifestations of cyber crime are needed,” said Duggal.
“Across the world, countries are roughly in a similar kind of position that India is, except that the challenges for India are far too huge. Most of the cyber criminal activities are being targeted on Indians,” he added.