AIIMS cyber attack | Investigators asking E&Y about its audit of hospital’s cyber systems

Security agencies probing the AIIMS cyber attack have approached E&Y executives to examine if they found any vulnerabilities in the hospital’s system when they audited it a few months ago, a source said

Updated - December 04, 2022 08:18 am IST - NEW DELHI

A government source told The Hindu that AIIMS had engaged E&Y, a third party, to conduct an audit of its cyber-systems in the middle of this year. File | Photo Credit: Kamal Naranag

Security agencies have approached consultancy firm Ernst and Young (E&Y) regarding the November 23 cyber-attack at the All India Institute of Medical Sciences (AIIMS) in Delhi. The attack has crippled the servers and e-hospital services at the country’s premier public healthcare facility, causing major inconvenience to patients. 

A government source told The Hindu that AIIMS had engaged E&Y, a third party, to conduct an audit of its cyber-systems in the middle of this year. One law enforcement agency had called E&Y executives last week, to assist in the probe and to examine if the auditors had found any vulnerabilities in the system.

The source said that the investigators suspect that the attack on the AIIMS’ servers was initiated about two months ago at the behest of State-sponsored actors from a neighbouring country. 

Known software vulnerabilities

“AIIMS servers were running on a software called Zimbra that specialises in email services. The vulnerabilities in Zimbra were known as early as February this year. It is to be seen what prudent steps were taken by AIIMS to check the loopholes,” the source said. Zimbra is owned by the U.S.-based Synacor, a software and services company. 

AIIMS director M. Srinivas did not respond to text messages or calls from The Hindu. An E&Y executive also did not respond to a question from The Hindu on the examination of its executives by a government agency. 

On November 23, the AIIMS said in a statement that the National Informatics Centre (NIC) had informed it that its servers were down, and that this may have been due to a ransomware attack. 

Following the incident, Delhi Police registered a First Information Report against unknown persons under Section 385 of the Indian Penal Code (which refers to putting a person in fear of injury in order to commit extortion) and Section 66/66F of the Information Technology Act, pertaining to cyber terrorism and computer-related offences.

‘Conspiracy’

On December 2, Minister of State for Electronics and IT Rajeev Chandrasekhar said that the attack on the servers of AIIMS Delhi was a conspiracy and was planned by forces that are significant. 

Though it was Delhi Police that registered the case, a host of government bodies such as the Computer Emergency Response System (CERT-IN), NIC, the National Investigation Agency (NIA), and the National Security Council Secretariat (NSCS) are also investigating the incident. On November 29, the Ministry of Home Affairs (MHA) convened a meeting regarding the cyber attack with all agencies, including the AIIMS director.

Earlier, a Delhi Police official had said that the AIIMS server was prone to hacking because of the lack of safety features.
