AIIMS cyber attack reports clarified as non-incident, no breach found

Last year, the All India Institute of Medical Sciences (AIIMS) fell victim to a significant ransomware attack, resulting in the inaccessibility of centralized records. Recent reports highlighted another alleged cyber attack on AIIMS, but Rajeev Chandrasekar, the Minister of State in Electronics and Information Technology (MeitY), clarified that it was not categorized as a "cyber incident or a breach."

AIIMS also issued a statement affirming that although they had detected a malware attack on June 6, prompt action was taken to successfully thwart the attempt. In a tweet, AIIMS, New Delhi stated, "A malware attack was detected at 1450 hrs by the cybersecurity systems in AIIMS, New Delhi. The attempt was successfully thwarted, and the threat was neutralized by the deployed cybersecurity systems. The eHospital services remain fully secure and are functioning normally."

In response to a user's tweet sharing a screenshot of an error message on the e-hospital.aiims.edu website, which mentioned the detection of a virus during the download process, Chandrasekar clarified the situation. He explained that the eHospital application is an internal system inaccessible to internet users. It was likely that someone had attempted to access the portal, triggering an alert from AIIMS' security measures. The same individual might have taken a screenshot of the error message and circulated it. Chandrasekar emphatically stated that no cyber incident or breach had occurred, and the error messages had already been rectified.

It is worth noting that AIIMS faced a major ransomware attack last year, which resulted in the unavailability of centralized records. The impact of the cyber attack extended to various hospital services, such as the generation of unique health identification numbers, new registrations, laboratory reports, billing, and patient discharge. Additionally, the attack disrupted academic processes within the institute.