A foreign state actor may be responsible for the ransomware attack on the All India Institute of Medical Sciences (AIIMS), Delhi, The Indian Express reported. The hack may have originated from another country, the report added, stating that the Indian Computer Emergency Response Team (Cert-In), India’s top cybersecurity agency, has concluded its initial investigation into the attack. The cyberattack is said to be a result of an “unorganised ICT (Information and Communications Technology) network without centralised monitoring or system administration” as per The Indian Express. Why it matters: It is a crucial development because it is one of the most serious ransomware attacks to have taken place in India which does not have a cybersecurity policy in place. The policy has been in the works for the last four years and is yet to see the light of day. It’s a matter of concern that the servers of India’s top medical institute have been down for nearly two weeks due to a cyberattack. The possible involvement of foreign states might create friction with that country once the Indian agencies conclude their investigation. It is also a critical reminder that the country needs to prioritise the cybersecurity of critical infrastructure in sectors like health, energy, and transport. Policy change in the works: It was also found that the institute had hired a private company for the design of its servers and its system administration. The incident casts doubt over whether the credentials of this company were sound for handling systems as…
