News: Bengaluru: Nimhans sees ransomware attack; IT cell checks spread
BENGALURU: Premier mental health institute Nimhans faced a cybersecurity threat following a ransomware attack earlier this week. A communication from its IT cell to employees on March 22 night said the institute was targeted with “a ransomware initiated via malicious malware in an email accessed possibly on Windows 7 or 8”.
Twelve teams were formed by the IT cell to scan systems and critical areas were given priority. Employees were asked to pull out LAN (local area network) connections to prevent lateral spread. The teams visited each department to install anti-malware software. Confirming the attack, Nimhans director Dr Pratima Murthy said it had been contained and police informed.
While there are concerns about the leak of crucial patient data and functioning of the casualty department in the hospital, Dr Murthy said only some of the computers were affected/compromised and were immediately attended to. “The computers that were used in the administrative unit were the ones affected,” she told STOI.
However, no official at Nimhans confirmed whether or not any money was paid to contain the spread, given that ransomware attackers typically seek a ransom. The communication sent to employees had instructed them to turn off computers and remove the CPU plug to halt the spread within the infected system. They were asked not to use computers or to log on to the internet till the time the IT cell installed anti-malware software in each department.
While the mitigation process began on March 23, there is no clarity on the extent of damage caused. Sources, however, said lab reports of patients and old patient data may have been affected. “Current patient data is accessible. However, it is learnt that previous reports of patients are inaccessible as of now. The total damage is still not known,” a source said.
According to members of the Nimhans employees’ association, the institute has no expertise in handling cybersecurity matters and IT services are outsourced.
“Though the IT cell is there, expertise is lacking. The union will discuss this with the director and plans to take it up with the center. An authentic cybersafety audit needs to be done. An amateur cybersecurity professional was brought in from the vendor's side for remediation,” sources said.
They added that the proper workflow to be followed in case of a cyberattack begins with a remediation process, including anti-ransomware installation, ethical hacking and finding a loophole. “Vulnerability assessment and penetration testing should have been done, which was missing,” a source said. Employee personal information and HR data might have been lost, aside from some data from the hospital administration.
Website Down for 3 Days
The Nimhans website was reportedly inaccessible for 3 days, March 12 to 24, as the servers were disconnected. Employees said they could not open files on their desktops, including PDFs, Windows and PowerPoint files, since March 22. However, systems with Windows 10 and 11 were not affected much.