AIIMS New Delhi Ransomware Attack: Exposing the Premier Hospital`s Vulnerability to Cyberattacks?

Case Code: ITSY135
Case Length: 12 Pages
Period: -
Pub Date: 2023
Teaching Note: Available

Price: Rs.300
Organization: AIIMS NEW DELHI
Industry: Healthcare and Services
Countries: India
Themes: Information Systems, Digital Ecosystem, Data Privacy,Management of Information Systems

Abstract Case Intro 1 Case Intro 2 Excerpts

Abstract

This case discusses the server outage in AIIMS New Delhi, one of the premiere hospitals in India. The outage wreaked havoc on all patient care services and host of key medical services at the hospital were delayed as the digital patient management system crippled. Although the hospital quickly switched to manual operations but faced difficulty managing the services. The hospital suspected that a ransomware attack could have caused the system outage. Furthermore, there was a possibility that the hacked systems may have exposed the confidential information of millions of patients, including some very powerful individuals. The hospital administration sought help from various authorities to restore the systems shortly after the attack. In addition, the Police and investigating teams intervened to look into the event and identify the perpetrators.

The cyberattack took place when AIIMS New Delhi was in the midst of turning the facility paperless with complete digitalization. Questions were raised whether the cyberattack unavoidable or were the hospital's vulnerable digital systems to blame? Did the servers and systems meet the highest levels of cyber security? Were there strategies in place for catastrophe recovery and solutions? And was it necessary to re-evaluate the hospital’s cybersecurity readiness after it had undergone digital transformation?