Not just AIIMS Delhi: Safdarjung Hospital also reports cyberattack

Meanwhile, it was recently revealed that about 150,000 stolen patient records from a hospital in Tamil Nadu were being illegally sold online.
By Adam Ang
06:57 AM

Credit: Rahul Thukral/Google Maps Street View

Another top hospital in New Delhi has reported a cyberattack last month. 

Safdarjung Hospital, a 1,500-bed government hospital, recently disclosed that cyber criminals also hit its IT system in November. No data, however, was compromised when the system went down in a day. 

While Medical Superintendent Dr B.L. Sherwal did not expound on the nature of the attack, he said the incident was not caused by ransomware. He added that the system was immediately restored by the National Informatics Centre, the government agency responsible for enabling all government IT systems in India. 

THE LARGER TREND

Safdarjung Hospital is the second hospital in New Delhi to have been recently hit by a cyberattack. But unlike the case of AIIMS Delhi, its OPD services were not heavily impacted as they have been running these services manually before.

Almost two weeks since it reported a ransomware attack, AIIMS Delhi has yet to get its digital services back online. Affected services include smart lab, billing, report generation, and appointment system. 

Meanwhile, a recent analysis by local cybersecurity AI company CloudSEK found that the sensitive information of about 150,000 patients of Sree Saran Medical Centre in Tirupur, Tamil Nadu is being sold on the dark web.

The stolen information, which includes patients' birth dates, addresses, and doctors' details, came from the hospital's database dating from 2007 to 2011. This database was thought to be previously managed by Three Cube IT Lab. 

According to CloudSEK researchers, malicious actors might have initially hacked into Three Cube IT Lab to exfiltrate sensitive information from the hospital. 

The researchers found those stolen data on 22 November when these were put up on sale via Telegram and cybercrime forums. A news report noted that the database was first sold for $100, and then for $400 to resellers. 

Responding to reports, Sree Saran Medical Centre denied that there has been a compromise on the medical details of their patients. Dr A.M. Palanisamy, the hospital's chairman, was cited in another news report as saying that they only engaged with Three Cube IT Lab for a year to use its software to build their database. They later moved to a different service provider in 2018.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.