Taking Cue from AIIMs Data Breach Incident, Now PGIMER Launches Cyber Security Audits at its HIS

The decision follows a recent cyber attack at the All India Institute of Medical Sciences (AIIMS) in New Delhi. The aim of the audit is to identify any potential vulnerabilities in PGIMER's systems and to strengthen its defences against future cyber threats.

The Postgraduate Institute of Medical Education and Research (PGIMER) in Chandigarh, has initiated plans for an audit of its Hospital Information System (HIS), making it possibly the first medical institute of national importance in the country to do so.

This decision follows a recent cyber attack at the All India Institute of Medical Sciences (AIIMS) in New Delhi. The aim of the audit is to identify any potential vulnerabilities in PGIMER's systems and to strengthen its defences against future cyber threats.

Reportedly, the auditing will be carried out by the Centre for Development of Advanced Computing, Hyderabad.

Sharing his views, Prof Vivek Lal, director, PGIMER, said, "The audit entails identifying, analysing and proposing solutions towards any vulnerabilities in hardware, software and network setup at the institute."

PGIMER's current HIS is nearly two decades old, with no information on how vulnerable it is to external threats. Earlier, the initial proposal and requirements for HIS 2.0 were formulated before the incident at AIIMS, however, it was primarily focused on upgrading existing capabilities.

HIS 2.0 will also establish connectivity with PGI's satellite centres to facilitate communication with the main centre. This connection is essential in cases where patients are referred to PGI along with their online medical records. 

Founded in 1962, PGIMER is one of India's leading medical research institutions. The institute offers a wide range of educational and training programs and conducts advanced research in various disciplines of medicine.

AIIMS, on the other hand, is a group of autonomous government public medical universities established in 1956. AIIMS New Delhi, the forerunner institute, was established in 1956 under the administration of Jawaharlal Nehru.

In 2022, AIIMS New Delhi encountered a significant cybersecurity breach that impacted its internal systems, leading to the crippling of the hospital's digital patient management system. 

This cyberattack targeted five AIIMS servers and encrypted approximately 1.3 terabytes of data, resulting in operational disruptions and the non-functionality of critical applications.

Furthermore, the online appointment system was taken offline, causing long queues at the hospital. All of the hospital's services, including outpatient and in-patient departments and labs, had to operate manually. The breach possibly exposed data for approximately 40 million patients.

However, in response to the attack, AIIMS had taken steps to strengthen its cyber security. It installed Endpoint Detection and Response (EDR) in all the systems throughout the AIIMS campus. The e-hospital data was successfully retrieved from an unaffected backup server and restored to new servers.

In June, this year, AIIMS faced another cyber attack. Fortunately, the e-hospital services remained secure throughout this incident.

Additionally, in another instance, Safdarjung Hospital in Delhi reported a cyberattack in November 2022, although no data compromise occurred in this case.