After AIIMS and Safdarjung, hackers targeted ICMR website 6000 times in 24 hours

New Delhi: Days after a cyber attack on the servers of the two premier health institutes All India Institute of Medical Sciences (AIIMS), New Delhi and Safdarjung Hospital, 6,000 hacking attempts over a span of 24 hours were made on the website of the apex health research regulator, Indian Council of Medical Research (ICMR) on November 30.

The sources said that the ICMR website is safe and noted that the firewall is regularly updated. They said hackers IP were traced to a blacklisted IP based in Hong Kong.

Also Read:French hospital halts operations, transfer patients following cyberattack

"The site is hosted at NIC Data Centre, the firewall is from NIC (National Informatics Centre) and is regularly updated. NIC was informed through email regarding a cyber attack and has reported that the attack was prevented. ICMR has found the website in the order," a source said.

The sources said hackers "tried to hack ICMR website 6000 times on November 30".

"Hackers IP were traced to a blacklisted IP based in Hong Kong. The website, however, couldn't be hacked because of updated firewall and enhanced security measures being adopted," the source said.

Medical Dialogues team had earlier reported that after AIIMS Delhi, another centre-run Safdarjung Hospital became the victim of the cyber attack. The Safdarjung hospital officials informed that, unlike the AIIMS cyberattack, the Safdarjung Hospital had not been a ransomware attack and that the hospital's IP was blocked.

Official sources said cyber-attack strategies are constantly evolving and securing cyber infrastructure and data is a dynamic process.

The sources said that the ICMR website did not witness any downtime following the cyberattack. However, they noted that similar attacks by hackers on ICMR cyber infrastructure are regular and cyber security infrastructure needs to be strengthened.

"The current news is regarding an attempted attack on the ICMR website that was prevented by the firewall/security measures of NIC. The contents of the website have been checked and found safe. The website did not witness any downtime," the source said.

"However, similar attacks by hackers on ICMR cyberinfrastructure are regular; hence, cyber security infrastructure needs to be updated and strengthened to prevent future damage. There are limited vendors under the Make-In-India category for state-of-the-art cyberinfrastructure such as Network switches, Access Points, Storage etc., accordingly possibilities of other options will also be explored," the source added.

The sources said that Secretary Department of Health Research (DHR) and Director General ICMR reviewed cyber infrastructure and security practices at ICMR on December 2.

It was briefed that the website of ICMR is hosted in the NIC cloud after a security audit by a CERT-IN empaneled agency.

"The website is protected by NIC firewall and other security measures. ICMR also in-house hosts web and data portals of various programmes of ICMR. The in-house infrastructure is protected by a customized open-source firewall (PFSense). Further, inbound and outbound internet traffic is strictly controlled and regularly monitored for any suspicious activity on all the active interfaces. DHR regularly issues advisories regarding cyber-security practices to all the ICMR institutes and centres," the source said.

Safdarjung hospital had said last week that the hospital was hit by a cyberattack in the middle of November but there was not much impact on services as the OPD process is run manually.

"There was a cyber attack, our server was also down in November for a single day but data was secured. The matter was handled by the National informatics Centre (NIC) who revived the systems," Medical Superintendent, Safdarjung Hospital, Dr BL Sherwal had said.

"According to my knowledge it wasn't ransomeware," he added. Another official from the hospital said that IP was blocked.

Services at AIIMS New Delhi continue to be conducted manually following a cyber hack in its e-hospital facility on November 23.

AIIMS authorities said that e-hospital services are likely to start middle of this week. Sources said about 4000 computers have been scanned and anti-virus has been uploaded for additional safety. 

Also Read:Chinese hackers suspected behind AIIMS Delhi cyber attack