AIIMS was subjected to a cyber attack in November 2022. The attack was followed by similar attacks on Safdarjang Hospital and ICMR.

As we are aware, this is done through ransomware. Ransomware is a kind of malware which cyber criminals introduce into the system to seize sensitive data so as to extract ransom money or demand. This is initiated by such a simple thing as plugging a device for charging or by clicking on a link. These links are generally sent through phishing emails. These links contain the ransomware. The malware once activated commences to encrypt data from the infected server or device. In other words the data can be accessed only by the hacker. Victims are asked to pay for decryption key to resume access.

In AIIMS case, the data was encrypted, In addition, it was also copied. In such cases, if ransom is not paid, there is a threat of the data being made public. Generally, it is done on the dark web.

AIIMS systems are old and archaic. Perhaps, there were no security patches from the software suppliers. The antiviral programmes too perhaps have not functioned properly.

In such a malware attack, the data is recovered through a backup. Or else, they try to find a decryption key. In most cases, there is only one decryption key and so getting it decrypted seems difficult. It is not known whether there is data backup.

There could be efforts to apprehend the hackers. In case of foreign hackers, that can be done if there is collaboration with the foreign governments. Sometimes, there could be state actor too.