1.9 mn attacks on Indian healthcare network from Pak, China this year: Report


New Delhi: As AIIMS struggles to get its servers back to life after a massive ransomware attack, nearly 1.9 million cyber attacks have been recorded on the Indian healthcare network this year, especially from countries like Pakistan, China and Vietnam, a report revealed on Thursday.

The healthcare-based threat intelligence sensors network, deployed by the CyberPeace Foundation and Autobot Infosec Private Ltd, along with the academic partners under CyberPeace Center of Excellence (CCoE), saw a surge in cyber attacks with 18,46,712 hits between January and November 28 from a total of 41,181 unique IP addresses from nations like Pakistan, China and Vietnam.

Vulnerable Internet-facing systems with Remote Desktop Protocol (RDP), vulnerable SMB and database services enabled, and old Windows Server platforms were mostly attacked.

The attackers also tried to inject malicious payloads into the network. The deployed network has captured a total of 1,527 unique payloads belonging to Trojan and ransomware, etc., the report mentioned.

After reports surfaced earlier this week that hackers allegedly demanded around Rs 200 crore in cryptocurrency from AIIMS-Delhi, the Delhi Police said in a statement that no such demand has been brought to their notice by the AIIMS administration.

According to the report, cyber attacks on healthcare facilities in India have been rising in recent years, and the pandemic has only worsened matters.

“By deploying the simulated network, we can collect data on attack patterns, the different types of attack vector for the different protocols, and the recent trends of malicious activity,” said a CyberPeace Foundation spokesperson.

Analysis of the data showed that attackers also tried to exploit the ‘DICOM/MYSQL/MSSQL’ protocols to access sensitive patient data such as medical images and diagnostic databases.

DICOM is a standard protocol used in most medical and healthcare facilities for the management and transmission of medical images and related data.

“Cyber criminals are taking advantage of the fact that healthcare organisations are under immense strain and are more likely to pay a ransom to get their systems up and running again,” said the spokesperson.

Organisations should ensure their systems are secured by reducing unnecessary data, improving the patch level of software, backup and restore procedures and auditing systems to build awareness of any threats, the report mentioned.
