By Rajeswari Pillai Rajagopalan
The frequency and targets of cyberattacks on India are becoming increasingly serious. Earlier in the month of November, Central Depository Services (India) Limited (CDSL) detected malware on some of its internal machines, though CDSL claimed that “there is no reason to believe that confidential information or investor data has been compromised.” In the latest such attack, just a week ago, one of India’s top medical institutions, the All India Institute of Medical Sciences (AIIMS) Delhi, came under cyberattack. Though India has been paying greater attention to cyber security, the rising number of attacks on India should be very worrying to Indian security managers.
According to media reports, the AIIMS management stated that a ransomware had “affected outpatient and inpatient digital hospital services, including smart lab, billing, report generation, appointment scheduling”. The incident is believed to be a possible ransomware attack in which the criminals who hacked into the system are reportedly asking for a ransom payment, though this has been denied by Delhi Police. Ransomware is essentially a kind of malicious software with which the perpetrator gains illegal access to the victim’s data and demands a ransom to restore the victim’s access to it. The Indian Computer Emergency Response Team (CERT-IN), in its India Ransomware Report 2022, stated that there is a 51-percent increase in the number of ransomware attacks across multiple sectors, including critical infrastructure.
The cyber attack appears to have affected the AIIMS operation, which had gone completely online almost a decade ago. The attack “corrupted all the files stored on the main and backup servers of the hospital.” Reportedly, the culprits managed to get hold of about 4 crore patient profiles including sensitive data and medical records, which they could be holding for ransom. This possibly included those of senior government officials who use AIIMS. Apparently, the database included “Personally Identifiable Information (PII) of patients and healthcare workers, and administrative records kept on blood donors, ambulances, vaccination, caregivers and employee login credentials.” Given the scale of the attack, CERT-IN, Delhi Police, the Ministry of Home Affairs and the National Investigation Agency (NIA) have joined the investigation.
A more worrying aspect of the cyber attack is that it is not an isolated incident. In fact, the number of cyber attacks on healthcare infrastructure has gone up significantly in recent years. CloudSEK, an AI company that has been monitoring cyber threats, noted in a report that the Indian healthcare sector was second in terms of the number of attacks, accounting for 7.7 percent of the total attacks on the healthcare industry worldwide in 2021, and 29.7 percent of all attacks in the Asia-Pacific region. The US is, of course, the number one target, facing 28 percent of all the attacks on the healthcare sector worldwide in 2021. This is a consequence of the greater digitalisation taking place, especially in the context of the COVID-19 pandemic. Accordingly, the study also said that “the number of cyberattacks against the healthcare industry has increased by 95.34 percent in the first four months of 2022 as compared to the number of cyberattacks in 2021 during the same period.” Another company also highlighted the growing cyber vulnerabilities in recent years. Indusface, a software security company, stated that there were more than 1 million cyberattacks on the company’s clientele, of which 278,000 took place in India.
Against the backdrop of the pandemic, the healthcare sector has become an attractive target for cyberattacks. In fact, reports suggest that major technology firms like Cisco India, CrowdStrike, and others had alerted India to the possibility of a spike in cyberattacks targeting the healthcare industry. Cyfirma, a Singapore-based threat intelligence firm, had reportedly warned in March 2021 that major Indian pharmaceutical companies such as Serum Institute, Bharat Biotech, Dr Reddy’s Labs, and Abbott India could become targets for hackers from Russia, China, and North Korea as part of their efforts to steal critical data on vaccine research and trials. The company reportedly identified 15 hacking campaigns, with seven from Russia, four from China, three from North Korea, and one from Iran.
A hole in healthcare cybersecurity
While the healthcare industry has become a particularly attractive target for hackers and criminals, cyberattacks on other sectors in India have been equally critical. The number of incidents involving data breaches and digital banking threats has been on the rise, exposing Indian vulnerabilities in the cyber security domain. According to the data provided to the Indian Parliament in early August, “between June 2018 and March 2022, India’s banks recorded 248 successful data breaches by hackers and criminals”, of which 41 cases involved public sector banks, 205 were those of private sector banks, and two involved overseas banks.
In another report, CloudSEK also reported an uptick in the number of cyberattacks on the banking and financial sector. The report, however, identified different patterns between 2021 and 2022. The attacks in 2021 were on a global scale with an equal focus on North America, whereas the events in 2022 saw a shift towards Asia. Within Asia, India stood pretty high, with the report characterising India as “the newfound hotbed for cyberattacks in Asia”. The banking, financial services and insurance (BFSI) sector has been identified as the most targeted sector in FY 2021-2022. A comparison of the number of cyber events in 2021 and 2022 reveals that the US, India, and Brazil continue to be among the most targeted states. In addition to the health and finance sectors, several other critical infrastructure sectors, such as the airline industry, the oil and gas and power sectors, as well as technology companies, have been targeted; many of these attacks were contained before they did any damage.
Whether these attacks lead to data or financial loss or not, the more serious issue is the ability of the perpetrators to crack the Indian cyber security system, despite India’s security efforts. They also reflect the still-inadequate protection measures afforded to critical information infrastructure in India. The government needs to step up its data protection efforts through additional measures if it is to prevent such frequent cyberattacks. The absence of awareness of cyber risks among the users and the use of old, legacy technologies are among the factors that add to the vulnerabilities. India also needs to study the evolving tactics, techniques, and procedures (TTPs) of hackers and criminals to be able to prevent these attacks. India will pay a serious price if it is seen as an easy target.