A recent cyber attack on the All India Institute of Medical Sciences (AIIMS), Delhi, affected a total of five servers and led to the encryption of 1.3 terabytes of data, according to a response tabled in the Indian Parliament. The response added that an evaluation carried out by the Indian Computer Emergency Response Team (CERT-In) found that AIIMS servers were compromised by unknown threat actors due to “improper network segmentation”. It also added that AIIMS’ information and computer systems are managed by the institute itself and that the government is aware of “various cyber security incidents” taking place in the country. The reply was drafted by the Minister of State for Electronics & Information Technology Rajeev Chandrasekhar to a question asked by MP Sushil Kumar Modi. Why it matters: It is important to understand the nature of the cyber attack on AIIMS because it was a critical incident which led to a significant disruption. The services resumed after a gap of two weeks thereby exposing the woeful state of cybersecurity in the country, especially in government institutions. It turned the focus back to the need for the government to shore up cybersecurity in its critical infrastructure at the earliest. Total number of cyber attacks: Chandrasekhar revealed that the CERT-In recorded a total of 13,91,457 cyber security incidents in 2022, a marginal drop from 14,02,809 incidents in 2021. He pointed out that a draft National Cyber Security Strategy had been prepared by the National Security Council Secretariat (NSCS) but stopped short…
