Express press service
BENGALURU: In a recent ransomware attack at the National Institute of Mental Health and Neurological Sciences (NIMHANS), “no sensitive information or patient data was compromised,” said NIMHANS Director Pratima Murthy . Putting data leak fears aside, she said the ransomware was detected early on March 22, following which NIMHANS “timely closed all loopholes and made immediate and necessary changes to secure our systems.” . No sensitive data, including patient data, was compromised,” she added.
The premier mental health institute was recently the victim of a ransomware attack, in which many of its systems were found to be compromised and files encrypted by unknown hackers, who demanded a ransom of $5,000 in Bitcoins.
According to informed sources, NIMHANS uses e-hospital software developed by the National Informatics Center (NIC), which is hosted on the institute’s server. “We have endpoint protection at the server software level. For all outpatient services (OPD), the institute uses Thin Client – a watered-down version of the desktop that runs from resources stored on a central server instead from a localized hard drive. Therefore, all OPD data was safe. As for the hospital patient data, it was protected because it is on a LAN connection with minimal access to the Internet. Data backup of patients is done daily and every six hours for lab reports,” the sources said.
“However, some faculty members, who discovered that their system was infected, may have lost their manuscripts or other materials due to encryption. Following the cyber attack, all email communications from NIMHANS are transferred to the nimhans.ac.in server, including those intended for students,” the sources added.
Giving details of the cybersecurity attack, sources said that on March 22, a faculty member complained to the IT cell at NIMHANS that he could not open his files. Later, they discovered that many other systems were also compromised and that’s when they realized that it was not a malware problem. “We immediately contacted Computer Emergency Response Team India (CERT-IN), NIC and an internationally known third party to conduct a forensic audit of the cybersecurity attack. They responded and in less than “Within an hour, they were able to detect the problem. During this time, NIMHANS filed a written complaint with the Cybercrime Unit, Southern Division regarding the March 29 attack,” sources said on condition of anonymity. The delay in filing a written complaint was due to us having to collect logs from each system,” the sources said.
Staff asked to disable LAN connections
The institute’s IT unit sent a communication to its professors informing them that the institute was the victim of malware triggered by a virus contained in an email received via Windows 7 or 8. spreading to other machines, immediate action was taken to install anti-virus software and all passwords were changed,” the sources added. The FIR (0383/2022) in the ransomware attack case was however filed a month later, on April 30. Explaining the delay in filing the FIR, sources pointed out that the institute’s immediate concern was to “secure the systems”. There are approximately 1,500 systems in the institute. All had to undergo a forensic audit,” sources said. NIMHANS has appointed IT champions in each department/section, and awareness programs are conducted on cybersecurity.