The results of AIIMS breach investigations must be used to develop robust and transparent cybersecurity policies.
Post Date – 12:40 AM, Wednesday – Dec 7 22
Hyderabad: The cyberattack on the servers of the All India Institute of Medical Sciences (AIIMS), which stores sensitive health data of millions of patients, has posed a major national security challenge. Given that the hackers took control not only of the hospital network but also of the backup system, there is no guarantee that health records will not be tampered with, even in a secondary backup system.
AIIMS, the largest medical institution in the country with more than 35,000 doctors seeing patients every day, including senior government officials, was unable to access not only the main server but also the backup server. Despite the best efforts of security experts, access to the hospital’s data has so far not been fully restored. If it fell into the hands of any hostile foreign intelligence agency, the health data records of cabinet ministers and senior bureaucrats were in danger of being misused. This is a serious ransomware attack that highlights the need for a robust cybersecurity framework in the country.
The AIIMS breach was not an isolated incident, but the latest in a series of similar incidents that have occurred in the past. Unfortunately, they were ignored. For example, the 2017 Hitachi data breach became a preview of the 2019 attack on the Kudankulam nuclear reactor, which was followed by the detection of Cobalt Strike malware. The lack of response may have signaled to enemy agents that they would suffer no consequences for such actions.
There has been no effort on the part of the government to develop national cybersecurity principles, or even a workable policy. Instead, existing institutions are locked in turf wars over budget allocations. This situation must be urgently reversed, and the findings of the AIIMS breach investigation must be used to develop a robust and transparent cybersecurity policy. As India’s internet base continues to grow exponentially, the parallel growth of cyber threats is cause for concern. As digital technology advances, so does the sophistication of cybercrime.
In 2020, nearly 82% of Indian businesses were attacked by ransomware. Last year, a high-profile Indian payments company, Juspay, suffered a data breach that affected 35 million customers. This is important because Juspay handles payments for online marketplaces, including Amazon and other big companies. In February, Air India suffered a major cyberattack that compromised nearly 4.5 million customer records. Passports, airline tickets and some credit card details were leaked. While India’s digital economy has thrived due to the digital integration of its citizens, it has also created vulnerabilities for data theft.
The country’s reliance on foreign hardware, especially Chinese hardware, is an additional vulnerability. Centers and states need to invest enough money to enhance network infrastructure. Government and private institutions that process personal data should be required to comply with mandatory data protection norms.