Four days after the massive cyber-attack that compromised All India Institute of Medical Sciences (AIIMS) server, the systems are up and ready but forensic examiners are still scanning through the large network of 20,000 computers to detect any malware before the e-hospital services are restored, officers involved in the probe said.

Patient care as well as studies at AIIMS Delhi were paralysed since internet services were blocked to protect more machines in the network from getting infected. This, despite the administration trying to manage the chaotic situation through additional deployment in OPD, diagnostics and labs, a top doctor said on the condition of anonymity.

All through this time, the work of emergency, patient care and lab work are being done manually, the doctor added. Even access to the library for teaching has been impacted.

Attack on specific machines

Highly placed sources said that only those machines that were looked after by the National Informatics Centre (NIC) — the technology partner which comes under the Ministry of Electronics and Information Technology (MeitY) — were hit in the cyber-attack.

Multiple agencies, such as Indian Computer Emergency Response Team (CERT-IN), National Investigation Agency, Intelligence Agencies and Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) unit are investigating the various aspects of the cyber-attack.

The IFSO, after registering a case on Thursday, is conducting a postmortem of infected AIIMs servers that are suspected to have been compromised due to malicious software, leaving the linked network crippled, explained Delhi police sources. The machines once compromised cannot be operated unless they are forensically sanitised and restored, Delhi police officials said.

The systems are up and ready and have been tested adequately to bring them back to functionality, said government sources.

Help from CFL

The IFSO has taken images of infected servers and is analysing them with the help of Central Forensic Lab (CFL) to get to the bottom of the vulnerability of the virtual administration architecture of AIIMS.

The investigators are also in touch with other groups of agencies and experts, who are slogging to restore the network, to know the extent of the damage caused by the malware.

A Delhi police officer stated that so far, they have no evidence of ransomware contrary to ongoing speculation and the origin of the cyberattack is still being ascertained.

Cyberattacks at AIIMS Delhi have also exposed the amenability of the India’s health care systemwhich has largely shifted online due to the government push for Digital India.