About a fortnight back, that is on November 23, several patient-related e-services like appointments, registrations, smart billing, admission, discharge, report generation, etc., were reportedly affected at All India Institute of Medical Sciences (AIIMS) Delhi. The good news is that effective December 6, while some e-services in AIIMS have resumed, others are said to be operating in the manual mode.

What we know so far is that the Indian Computer Emergency Response Team, Delhi Police Cybercrime Special Cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation, National Forensic Sciences University, National Critical Information Infrastructure Protection Centre and the National Investigation Agency are investigating the cyber-attack. The Intelligence Fusion & Strategic Operations of the Delhi Police, a specialised unit that handles all complex and sensitive cases of cybercrime, have registered a case. It is suspected that the problem may have been caused by a “ransomware” attack. The ongoing investigation is expected to unravel what went wrong.

Cyber-attacks, a cause for concern globally, as various reports suggest, relentlessly seem to target both public and private sector networks. As many as 78 percent of organisations globally are said to be hacked by successful cyber-attacks. The perpetrators reportedly use various tactics to exploit individuals, steal personal information, disrupt computer and information security networks. Commonly, criminal hacking, or the act of gaining unauthorised access to data in a computer or network, has been found to happen by exploiting weaknesses in such systems and infected it with malware, that is malicious software, designed to interfere with a computer's normal functioning. A more sinister attacker, or ransomware, typically infiltrates via email, luring a user to click on an attachment or visit a website that infects their computer with malicious code. Once it gains access to systems, it makes them unusable to its legitimate users, either by encrypting different files on targeted systems or locking the system's screen unless a ransom is paid mostly in crypto currency.

Using phishing, a type of social engineering (psychological manipulation of people into performing actions or divulging confidential information), cyber crooks can send fraudulent messages designed to trick an individual into revealing sensitive information to the attacker.

Besides targeting critical infrastructure like health, transportation, energy, financial services as well as individual users, holding personal information, photos or other records, over the past few years, globally, what is more worrisome is that cyber criminals have increasingly begun to target the healthcare sector. More so because valuable personal health insurance information can be used fraudulently to obtain expensive medical services, devices, prescription medications and also acquire various government benefits. Most of the time, hackers are believed to make their entry into computer systems through a phishing email. 

In the UK, data related to over 1.5 lakh patients registered under its publicly funded healthcare system – the National Health Service -- was hacked and shared over a three-year period by cyber crooks. Having penetrated into the IT systems of Anthem, the second largest health insurer in the US, hackers gained access to personal data of as many as 8 crore of its members that included their names, addresses, birth dates, Social Security numbers, medical ID numbers, income data, etc. Similarly, in a targeted cyber-attack, the Singapore government’s health data base was compromised and information of 15 lakh patients got accessed by hackers. Not long ago, the University College, London, was hit by a major ransomware attack, bringing down its shared drives and student management system besides infecting a number of hospital trusts closely associated thereof. Fortunately, emails were immediately shut down as a precautionary measure to restrict a new outbreak.

There have been 16 major cyber-attacks in Australia this year and more recently the medical records of its 97 lakh citizens, hacked from Medibank, the country’s largest health insurer, was released by hackers after the ransom demand was not met.

Last year, Kaseya, an IT solutions developer headquartered in the US with its presence in 10 countries, was attacked by ransomware and Rs 500 crore was demanded as ransom. With thousands of organisations worldwide using at least one Kaseya software solution, some 800 to 1500 small to medium-sized companies using the said software were affected. Notably while some 800 Coop supermarket chain stores in Sweden had to be closed temporarily, an estimated 1,000 companies have had servers and workstations encrypted. An authentication bypass vulnerability in the remote monitoring and management software package developed by the company, namely the VSA (Virtual System Administrator) was compromised. Major meat producer JBS, which supplies over a fifth of all the beef in the US, paid Rs 78 crore ransom in bitcoins to regain access to its computer systems after cybercriminals temporarily knocked out plants using ransomware. Similarly, the US’s largest national fuel pipeline, Colonial Pipeline, paid Rs 31 crore to ransomware hackers after they locked the company’s systems, causing days of fuel shortages and paralysing the East Coast.

That close to USD 600 billion, or nearly 1 percent of global GDP, is lost to cybercrimes, causing business disruption, affecting government operations and reputational harm across the globe each year shows the costs associated with such criminal activities are enormous. According to estimates, malicious cyber activity cost the US economy between USD 57 billion and USD 109 billion in 2016. With over 300 percent increase in reported cybercriminal activities over the past year, several organisations have been taking various initiatives to safeguard themselves.

The AIIMS cyber attack is surely a wake-up call. At a macro level, organisations ought to pay heed to various advisories issued by government and cyber security experts and put in place a unified cyber security policy. It needs to be appreciated that, primarily, cybercrimes including ransomware attacks happen because of human error and as a consequence the resultant impact for the entire organisation is simply horrendous. So, at an individual level, while surfing the borderless cyberspace, one can take away the power of a cyber-attack from the attackers by being vigilant. Therefore, there is  need for digital hygiene. Some of the simple ways to stay protected include having an updated operating system, adopting multifactor authentication, backing up one’s data either on the cloud or hard disk, using protection software to detect viruses and malware on one’s computer.

The phishing email could look authentic to an unsuspecting individual but that can be the beginning of ultimate chaos and avoidable infiltration of ransomware into computer systems.

Better watch out.