Two weeks after a cyber attack, the server facilities at the main building of All India Institute of Medical Sciences (AIIMS) here partially resumed on Tuesday. The online registration of new patients visiting the OPD resumed, while the online appointment system is still not working and laboratory services are operating in manual mode, official sources said on Tuesday.
The servers of the premier hospital here essentially remained down most of the time during the day, they said.
Agencies such as CERT, BEL, DRDO at work to recover the servers
"Outpatient department (OPD) registration and admission processes were brought online in the eHospital system yesterday (Monday). The integration of the smart lab is being worked on for samples collected from all wards and collection areas for automated analysis and reporting. Additionally, agencies such as CERT, BEL, DRDO are on the ground helping with the rollout," an official source said.
According to sources, the All India Institute of Medical Sciences, Delhi allegedly faced a cyber attack on November 23, paralysing its servers.
A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.
The internet services were blocked as per the recommendations of the investigating agencies, the sources said.
CERT-In, Delhi cybercrime special cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation, National Investigation Agency, etc. are investigating the incident.
The AIIMS authorities had said last week that the e-Hospital data had been restored on the servers.
They said the network was being sanitised before the services could be restored.
The process was taking some time due to the volume of data and the large number of servers and computers.
Measures are being taken for cyber security, the AIIMS had said.
Giving details of the entire incident, the official sources said that the National Informatics Centre (NIC) eHospital at the AIIMS uses 24 servers for various hospital modules and four of these servers -- primary and secondary database servers of eHospital, primary application and primary database servers of laboratory information system (LIS) -- were infected with ransomware.
Later, ransomware was also found in the elastic search virtual server. All infected servers were isolated, they said. The backups of the eHospital and LIS databases were taken on external hard drives and scanned.
Four new physical servers were arranged, including two from external agencies, for restoring eHospital applications.
These applications (eHospital and LIS) and databases were restored on these four new servers, which have been scanned, and the data is accessible. These servers are in the computer facility and are in an isolated network, official sources said.
These four servers have been configured with the checkpoint and firewall. Another four servers of NIC applications were scanned. Of these, viruses were found in two servers.
Three new servers were procured through the NICSI. The NIC has set up eight servers in a virtualised environment and a sub-replica 2 in the Centre for Dental Education and Research (CDER), AIIMS from where the eHospital backup was restored earlier. Two more servers were received from NICSI today. As directed by the Delhi Police, the servers affected by the ransomware have been physically removed from the server room, the sources said.