1.9 mn attacks on Indian healthcare network from Pak, China

New Delhi: As AIIMS struggles to get its servers back to life after a massive ransomware attack, nearly 1.9 million cyber-attacks have been recorded on the Indian healthcare network this year, especially from countries like Pakistan, China and Vietnam, a report revealed on Thursday.

The healthcare-based threat intelligence sensors network, deployed by the CyberPeace Foundation and Autobot Infosec Private Ltd, along with the academic partners under CyberPeace Center of Excellence (CCoE), saw a surge in cyber-attacks with 18,46,712 hits between January to November 28 from a total number of 41,181 unique IP addresses from nations like Pakistan, China and Vietnam.

The vulnerable Internet-facing systems having Remote Desktop Protocol (RDP), vulnerable SMB and Database services enabled, and old Windows server Platforms were mostly attacked.

The attackers also tried to inject malicious payloads into the network. The deployed network has captured a total of 1,527 unique payloads belonging to Trojan and ransomware, etc., the report mentioned. After reports surfaced earlier this week that hackers allegedly demanded around Rs 200 crore in cryptocurrency from AIIMS-Delhi, the Delhi Police said in a statement that no such demand has been brought to their notice by the AIIMS administration.

According to the report, cyber-attacks on healthcare facilities in India have been rising in recent years, and the pandemic has only worsened matters.

"By deploying the simulated network, we can collect data on attack patterns, the different types of attack vector for the different protocols, and the recent trends of malicious activity," said a CyberPeace Foundation spokesperson.

Analysis of data has drawn the attention that attackers also tried to exploit 'DICOM/MYSQL/MSSQL' protocols to access the sensitive patient's data like medical images, diagnostic databases, etc.