Ransomware Disrupts Indian Premier Hospital for 2nd DayHospital Resorts to Manual Workarounds; Birth, Death Certificates to be Created Manually
India’s premier healthcare institute reported a massive cyberattack on its servers on Wednesday. All patient care services were affected and were still operating manually on Thursday.
The All India Institute of Medical Sciences, Delhi, reported that the National Informatics Centre at AIIMS was working to restore the systems and suspected it to be a ransomware attack. The Indian Computer Emergency Response Team has also been brought in to support investigations.
An AIIMS spokesperson told Information Security Media Group that all patient care services such as appointments to registrations, admission to discharge, billing and report generation were affected.
AIIMS is the national capital’s largest referral hospital, with a footfall of 1.5 million outpatients and 80,000 inpatients every year. The hospital, which was established in 1956 to serve as a nucleus for nurturing excellence in all aspects of the healthcare system in India, installed a small computer facility for the first time in 1978.
The Delhi Police registered a first information report and initiated its own investigation into the ransomware attack, police sources told national news agency NDTV on Thursday. The Delhi Police's Intelligence Fusion and Strategic Operations unit registered the complaint against unknown persons on the basis of a complaint filed by AIIMS’ assistant security officer, NDTV cited the police saying.
Manual processes have left patients and families standing in long queues outside every department. At the registration section, hundreds have queued up since dawn.
A family member of a patient receiving care at AIIMS told a national news agency Mirror Now that new inpatient registration services have been down since yesterday as a result of the attack which has caused delays in taking new appointments. But those already admitted are reported to continue receiving appropriate treatment and services without any issues whatsoever.
NIC and CERT-In continue to take measures to restore digital services without a definitive recovery timeline. Today AIIMS published the latest set of standard operating procedures as an interim meansure to ease the pressure on its patients and their families.
For potential patients with no Unique Health Identification (UHID), the contact number should be used as the patient’s identification number. The hospital also said that death or birth certificates will be made manually as per instruction from the working committee.
Regarding sample collection and testing, "only urgent samples to be sent and that too with filled forms," the hospital said.
The NIC could not be immediately reached for comment on the extent of the attack, and it is not known whether the issue is limited to AIIMS Delhi or is also impacting other AIIMS institutes in the country where eHospital services could be in use.
The attack came to light a month after AIIMS Delhi announced it is going paperless from January 1, 2023, to be achieved by completing implementation of the e-Hospital program.
A demonstration of e-Hospital modules was carried out on October 17 by the NIC team for the top suite of all departments. The NIC team presented a list of modules that are functional at AIIMS and demonstrated the OT module, clinical module and telemedicine module. Easing the burden of OPD registrations is also a priority in this move, the NIC said at the time.
It is unclear whether the current situation will impact the timeline for complete implementation of eHospital services.