New Delhi: The cyberattack on AIIMS Delhi’s servers, which affected out patient services at the hospital for several weeks, is suspected to have originated from locations in China and Hong Kong, official sources said on Wednesday.According to the Indian Express, the probe into the attack found that the IP addresses of two emails originated from Hong Kong and China’s Henan province. These emails were identified from the headers of files that were encrypted by the hackers, the newspaper reported. However, the person, organisation and exact physical location of those who are linked to the cyberattack have not been identified.While the server address has been tracked to China, it “could be a Chinese physical server or a virtual server”, an anonymous government source told Indian Express.According to the news agency PTI, the Delhi Police has written to the Central Bureau of Investigation (CBI), which will in turn obtain the information through Interpol, they said.The cyberattack on November 23 has paralysed its servers. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.Computer Emergency Response Team (CERT-In), Delhi cybercrime special cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, CBI and National Investigation Agency are among the agencies investigating the ransomware incident.With the servers down, the hospital’s outpatient and inpatient digital services, including smart lab, billing, report generation and the appointment system, were affected. Online services resumed partially from Tuesday, a hospital source said.All the backed-up data directly linked to the patient details have been repopulated in the main system and previous patient records are back on the system, the Indian Express reported. An investigation to find if critical data of the institute has been compromised is still underway, the report said.(With PTI inputs)
