NEW DELHI: Weeks after a cybersecurity attack hit operations at one of India’s largest hospitals, investigators said they are looking into a possible China link.
The IP addresses of two emails used in the hacking attack on the All India Institute of Medical Sciences (AIIMS), India’s premier government hospital, allegedly originated from China’s Henan province and Hong Kong.
Officials have tracked a server address to China, but experts said that does not necessarily mean that hackers are located there.
India’s Home Ministry and anti-terror task force the National Investigation Agency are probing the hack.
Experts warned that the attack has exposed an urgent need for India to fortify its critical and core sectors, given that the breach was a result of the country not having any cybersecurity protocols in place.
The government has drafted a data privacy bill, but experts in the field said the country does not have enough safeguards in place.
Cybersecurity expert Pawan Duggal said that when an attack such as the one targeted at AIIMS happens, “no one knows what to do” and no agency has an SOP (standard operating procedure).
“We need to tell ourselves that this is a given reality, and the quicker we prepare ourselves, the quicker we go for public-private partnerships, the better it is. The government alone can’t deal with the challenges of cybersecurity,” he said.
The attack could hamper India’s efforts to digitise health records, including the government’s work to create a database that will give Indians access to their health records at any hospital within seconds.
The hospital, where more than 12,000 patients get treatment daily, was hit by the attack on Nov 23.
The healthcare institution was not able to register new patients, and doctors could not access medical records or reports.
It later emerged that five servers that stored the data of more than 30 million patients – including health records of former prime ministers, top politicians and bureaucrats – were infected in a cyberattack.
It took weeks for the hospital to restore access and for the government to safeguard its systems.
SECOND LARGE ATTACK
Days after the attack on…