alphv attacks AIIM

Incident Date:

August 3, 2022

World map



alphv attacks AIIM






New Delhi, India

Delhi, India

First Reported

August 3, 2022

AIIMS Ransomware Attack: A Wake-up Call for Healthcare Cybersecurity

On November 23, 2022, the All India Institute of Medical Sciences (AIIMS) in New Delhi was targeted by a ransomware attack that compromised its e-hospital service, responsible for managing patient data systems. This cyber assault led to the shutdown of both main and backup servers, with the perpetrators demanding a ransom of ₹4.2 crore, approximately equivalent to 30 bitcoins, and prompting AIIMS to "prepare for a negotiation".

AIIMS is renowned for its comprehensive patient database, encompassing Personally Identifiable Information (PII) of patients and healthcare workers, alongside administrative details such as blood donor records, ambulance records, vaccination records, caregiver records, and login credentials. The cybercriminals exploited vulnerabilities in the e-hospital service, impacting outpatient department (OPD) operations and sample collection services.

The incident at AIIMS underscores a growing concern within the healthcare sector, which has experienced a notable increase in cyberattacks amid the pandemic. Specifically, the sector saw a 95.34% rise in attacks compared to the same timeframe in 2021, making the Indian healthcare industry the second most targeted globally in terms of cyber threats.

Strengthening Cybersecurity in Healthcare

The ransomware attack on AIIMS serves as a critical reminder of the urgent need for healthcare organizations to enhance their cybersecurity protocols. This includes adherence to regulatory standards such as the Health Insurance Portability and Accountability Act (HIPAA), fostering cybersecurity awareness among staff and patients, implementing secure password policies and multi-factor authentication, and ensuring regular updates and patches for networks, systems, and software.

Given the sensitive nature of patient data and the potential repercussions of its compromise, it is imperative for healthcare institutions to prioritize cybersecurity measures to safeguard against such threats and mitigate the risks to patient safety and privacy.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.