How hackers can access potential ‘gold mine’: AIIMS cyberattack a case in point

Almost two weeks after a cyberattack crippled the servers at the All India Institute of Medical Sciences (AIIMS), the administration continues to describe the ‘server breakdown’ as a ‘cyber-security incident’ rather than a ‘cyberattack’. However, a closer look at the probe agencies involved in restoring the servers makes the severity of the issue at hand easy to understand.

According to various reports, there is a high chance that the data of around three to four crore (30 to 40 million) patients has been stolen and sold on the dark web.

Ransomware vs other cyber attacks

Speaking to The Federal, Mumbai-based cybersecurity expert Ritesh Bhatia says that there is a massive difference between a cyberattack/ransomware and other attacks. “A cyber-security incident may involve a glitch which can be solved at the earliest, whereas a cyberattack may lead to files being encrypted and a monetary ransom may be asked (by the hacker) to retrieve those.”


The latest ransomware strains are notorious for copying all the data to the attacker’s server before encrypting it and then demanding a ransom from the victim. Even if the breached party has a back-up, the mere fact that the attackers now hold a copy of the data compels the victim to pay: a back-up restores the encrypted files, but it does nothing to stop the stolen copy from being leaked or sold. This combination of encryption and threatened disclosure is commonly called double extortion.

Bhatia says that these ransomware strains are well designed and it is difficult to decrypt and unlock the files.

What kind of data is at stake?

Breaking it down, Bhatia said, “The targeted data may include patients’ protected health information (PHI), financial information like credit card and bank account numbers, Personally Identifiable Information (PII) such as social security numbers, administrative records kept on blood donors, ambulances, vaccination, caregivers and employee login credentials and intellectual property related to medical research and innovation.”

As top politicians and government officials are treated at the institute, the server breakdown can have devastating consequences. By obtaining vital information such as patients’ reports, invoices, laboratory reports and data on personal treatments, hackers can leverage the information and blackmail the individuals concerned. It will put leaders in danger if enemy countries or anti-national elements get access to such sensitive information, Bhatia added.

Also, once the data is readily available on the dark web, it can be used to target individual politicians and thereby endanger their lives, the cyber expert said.


As these servers contain not only health records but other vital personal information, the individuals can be completely exposed. Information on their addresses, medical history, financial transactions and family history could easily end up open to public view. This would be the ultimate breach of privacy, and a security threat in the case of VIPs, Bhatia said.

AIIMS software and Zimbra

A prominent Indian newspaper reported that AIIMS servers were running US-based software named Zimbra, which specialises in e-mail services. However, Bhatia said that only the e-mail functionality was running on Zimbra, not the entire system. Attributing the entire breakdown to a failure in Zimbra would therefore not be a correct assessment. Separately, a cyber expert who did not wish to be named said Zimbra is just “a middle-class enterprise for mailing”.
