Tuesday, January 31, 2023
Overworked doctors, hassled patients, inaccessible records — hackers leave AIIMS in limbo

Servers remain vulnerable even a week after unprecedented attack. Work moves at snail's pace as AIIMS treads cautiously over giving staff access to hospital's network.

New Delhi: Three days ago, when Namita Mandal was unable to book an appointment online for her 41-year-old mother at AIIMS-Delhi, she came down from Noida to book a slot but it was too late. 

Next morning, she reached the hospital at 3 am to line up at the booking counter that opens at 11 am. She was the 12th person in the queue. Her mother was seen by a doctor at 3pm, and her treatment began at midnight.

On 23 November, the AIIMS server, which stored more than a decade of patient data, came under a major cyberattack. It crippled the seamless system of online registration for patients’ appointments, uploading and accessing lab reports, and coordination between multiple departments of the hospital.

Though an FIR under Section 385 (extortion) of the Indian Penal Code and relevant sections of the IT Act was registered last week, it is still unclear who targeted the AIIMS servers.

Besides long delays for the patients, the hospital staff are putting in extra hours. The hospital administration is canceling leaves to deploy staff for attending services, like laboratory investigations, which are facing serious setbacks because of the inactive servers.

Caught in limbo are patients as doctors are unable to access their medical history. The patients are unsure of when they will get the next appointment.

While a steady stream of patients continues amid these difficulties and delays, the patients ThePrint spoke to claim that the hospital staff is ensuring that the treatment continues unhindered.

The AIIMS administration, meanwhile, claims that the data was backed up. But it is reluctant to restore doctors’ access before the entire network is sanitised.

“Investigating agencies are still assessing if the breach happened from within the hospital. Till that is known, the system continues to be vulnerable,” said an AIIMS doctor.

ThePrint has learnt that new anti-virus software was installed on all systems and that it may take another week for the hospital to come back online.

‘Duplication of tasks’

Pramod Kumar arrived from Aligarh earlier this month to avail treatment for a stomach ailment. He underwent a blood test after the first appointment, but his lab report is among the thousands of reports which are inaccessible after 23 November.

Pramod Kumar (right) from Aligarh is contemplating if he should continue to stay in Delhi | Sonal Matharu | ThePrint

With no report, his doctor is unsure of what line of treatment to put him on. Sitting on the pavement inside AIIMS campus, Kumar is contemplating if he should continue to stay in Delhi.

“I am not getting the next appointment. The doctors have handed me a phone number and have asked me to call in case of emergency,” says Kumar.

Each AIIMS patient is assigned a unique health identification number. This number is fed into all records of the patients which makes it easier for any department to access their medical history. Lab investigation reports conducted within the hospital can also be accessed using this unique ID or bar codes on the patient’s form.

But with the systems going back to manual record keeping, this unique ID is now generated manually. These are then copied in a separate register for hospital records, increasing the time for each registration.

“This process has added duplication of tasks. For each registration, the time taken is much more. Plus, it increases the risk of errors,” says the AIIMS doctor.

With online records blocked, tracing the history of patients using the ID is now off limits. The doctor added that the treatment is now being given based on what is previously written on patients’ forms as opposed to checking the lab reports.

The biggest setback, meanwhile, is being faced in the labs doing medical investigations. The tests which would be done in one to two hours are now taking a day to process, says the doctor.

“With the online systems, the doctors could trace the sample at every stage. We knew when the sample reached the lab, when it was tested and when the report was out. Using our login IDs and passwords, the departments could check the reports. But now, we can’t even tell whether the sample has reached the labs,” says the doctor.

Currently, hospital staff are deputed to the labs to physically check the IDs on samples and get the patients’ reports. At the lab, the staff manually write the results of the tests on the forms.

“We are now doing much more work and getting much less results,” the doctor rues.

With no live tracing of samples and the delays in testing, another doctor says, many samples are getting destroyed. 

Patients are being advised to get tests done from outside for emergency cases. “The results which were awaited on Wednesday (the day the server was hacked), and those patients who had not accessed reports before the server went down, are all wasted. All those patients will have to get the tests repeated,” says the doctor.

Telemedicine has also come to a complete halt. Staff at AIIMS told ThePrint that this service was started during the pandemic wherein doctors connected online with patients living outside Delhi. But after the cyberattack, the connection with the outstation patients hasn’t been restored.

The hospital administration Tuesday put out a notice saying that the eHospital data was restored on the servers and that it is taking measures for cyber security. 

“Network is being sanitised before the services can be restored. The process is taking some time due to the volume of data and large number of servers/computers for the hospital services. All hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode,” the notice reads.

The AIIMS staff are wary of touts exploiting loopholes in the manual system to slip patients into the OPD.

“Now since doctors cannot cross-check their patients online, this gives scope for fraud. Touts can write fake ID on the appointment forms and take the patient in for consultation. There is no way the doctor will know if the patient has come with the correct ID or not,” adds the second doctor.

‘Tracing route of the virus’

According to police, several angles are being worked on to identify the perpetrators involved in the cyberattack.

To trace the channel from where the virus came, the police have sent the images of the affected servers for a forensic analysis, police sources said.

“To trace the route of the ransomware is essential. Forensics will help us identify where the virus came from, and through which link and system it was installed in the server,” a police source said. “If we are able to decrypt, then we will be able to identify where this virus was sent from. The analysis is on.”

The AIIMS database was sent for analysis as well.

Last week, the National Informatics Centre (NIC) team working at the institute had reported that the servers were down and that it might be a ransomware attack.

On Thursday, the Intelligence Fusion & Strategic Operations (IFSO) of the Delhi Police registered a case and started investigation.

Ransomware is a type of malware that encrypts a computer, system or server. This means that the system users are unable to access any information or data since all files are encrypted. The attackers then demand a ransom to unlock the information and data, usually in cryptocurrency.

“In addition to encrypting files and demanding money, these attackers also steal data and threaten to misuse it in case their demands are not met,” the source said.

No such demand has been made, so far.

“If there was a ransom demand, it would have been through a chat window — which we would have traced. In these cases, the origin of the virus can also be traced through crypto wallets, but there is no such demand in this case (so far),” the source said.

(With inputs from Ananya Bhardwaj)

(Edited by Tony Rai)
