Relevance of “Rising Ransomware Attacks in India” for UPSC
Rising Ransomware Attacks in India covers UPSC Mains:
GS 3: Cyber Security, Challenges to Internal Security Through Communication Networks, Cyber Warfare
Why Ransomware Attacks in News?
- On November 23, e-services at the All India Institute of Medical Sciences (AIIMS) were crippled by what is suspected to be a ransomware attack.
- The cyber attack on AIIMS shut down its main and backup servers. The attackers hacked the e-hospital service which manages the patient data system, affecting the outpatient department (OPD) and sample collection services.
What is ransomware?
- Ransomware is a type of malicious software that cyber criminals use to infect a computer system and block access to the stored data by encrypting the files.
- A ransom is then demanded from the owner in exchange for the decryption key.
- While it is not yet clear how exactly the AIIMS computer systems were targeted, such malware is usually injected remotely by tricking the user into downloading it by clicking an ostensibly safe web link sent via email or other means, including hacking.
- It can spread throughout the network by exploiting existing vulnerabilities.
- Ransomware attacks can also be accompanied by theft of sensitive data for other sinister motives.
Are Ransomware Attacks in India Rising?
- Research data shows that in the first four months of 2022, the number of cyberattacks on the healthcare industry rose by 95.34 per cent compared to the same period in 2021.
- The Indian healthcare sector was the second most targeted when it comes to cyberattacks worldwide.
- Protecting patients’ medical and financial information has emerged as a new challenge for healthcare organisations.
- According to Indusface, an application security SaaS company, there were more than 1 million cyber attacks of various types across Indusface’s global healthcare clientele. Of these, 278,000 attacks were reported in India, highlighting the vulnerabilities of the Indian healthcare sector.
- Immediate challenges to the healthcare sector include phishing and BEC (business email compromise), ransomware attacks, DDoS (Distributed Denial of Service) attacks, insider threats, critical infrastructure and ‘Medjacking’, etc.
How serious are ransomware attacks?
- In India, several cases of ransomware attacks targeting commercial and critical infrastructure have been reported in the recent past.
- In May, Spicejet had faced such a threat, while Public Sector Undertaking Oil India was targeted on April 10. Cybersecurity firm Trellix, in its third-quarter global report, has identified 25 major ransomwares in circulation. According to the Interpol’s first-ever Global Crime Trend report presented at its 90th General Assembly.
- In AIIMS’ matter, preliminary findings by cyber experts have indicated that at least five of the AIIMS’ servers that hosted data related to more than three crore patients were compromised.
What is the mechanism to deal with cyber attacks in India?
- The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency to deal with cyber attacks.
- CERT-In was set up in 2004.
- It collects, analyses and circulates inputs on cyberattacks; issues guidelines, advisories for preventive measures, forecasts and issues alerts; and takes measures to handle any significant cyber security event.
- It also imparts training to computer system managers.
National Cyber Security Coordinator
- The National Cyber Security Coordinator, under the National Security Council Secretariat, coordinates with different agencies at the national level on cybersecurity issues.
National Critical Information Infrastructure Protection Centre
- National Critical Information Infrastructure Protection Centre has been set up for the protection of national critical information infrastructure.
Cyber Swachhta Kendra
- The Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for detection of malicious software programmes and to provide free tools to remove the same.
National Cyber Coordination Centre
- The National Cyber Coordination Centre works on creating awareness about existing and potential threats.
What needs to be done?
- According to cybersecurity researchers, the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web.
- The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.
- Government agencies involved in the healthcare industry should learn from and abide by the compliance requirements of the USA’s HIPAA (Health Insurance Portability and Accountability Act), create awareness among users regarding cyber-attacks, online scams, and phishing campaigns, set up policies for secure passwords and enable multi-factor authentication.
- Organizations should frequently update and patch networks, systems, and software. Keep several backups, both online and offline, in different and secure places.
- Keep an eye on logs for any unexpected traffic and activity on websites and other applications.
- Healthcare experts, including hospital staff, should avoid clicking on suspicious emails, messages and links.
Q. Which is the national nodal agency to deal with cyber attacks in India?
Ans. The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency to deal with cyber attacks.
Q. What is Ransomware?
Ans. Ransomware is a type of malicious software that cyber criminals use to infect a computer system and block access to the stored data by encrypting the files.
Q. What is HIPAA (Health Insurance Portability and Accountability Act)?
Ans. HIPAA (Health Insurance Portability and Accountability Act) is United States legislation that provides data privacy and security provisions for safeguarding medical information.