Hospital authorities fear that the data of nearly 3-4 crore patients could be compromised dur to the breach which was detected Wednesday morning, last week.
Patient care services in emergency, outpatient, inpatient and laboratory wings are being managed manually as the server remained down, the sources said.
The India Computer Emergency Response Team (CERT-IN), Delhi Police and representatives of the Ministry of Home Affairs are investigating the ransomware attack.
A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.
Official sources said internet services are blocked on computers at the hospital on the recommendations of the investigating agencies.
The AIIMS server has stored data of several VIPs, including former prime ministers, ministers, bureaucrats and judges. “Hackers have allegedly demanded around Rs 200 crore in cryptocurrency,” said one of the sources.
Meanwhile, the NIC e-hospital database and application servers for e-hospital have been restored. The NIC team is scanning and cleaning infection from other e-hospital servers located at AIIMS which are required for delivery of hospital services, an official source said. Four physical servers arranged for restoring e-hospital services have been scanned and prepared for the databases and applications.
Also, the AIIMS network sanitisation is in progress. Antivirus solutions have been organised for servers and computers. It has been installed on nearly 1,200 out of 5,000 computers. Twenty out of 50 servers have been scanned and this activity is ongoing 24×7, the source said.
“The full sanitisation of the network is likely to continue for five more days. Thereafter, e-hospital services can be rolled out in a phased manner. Patient care services including emergency, outpatient, inpatient, laboratory etc services are being continued on manual mode,” the source said.
(With inputs from PTI)