The Delhi Police has asked the Central Bureau of Investigation (CBI) to seek details from Interpol and other agencies about the IP addresses of the two email IDs from China and Hong Kong in connection with the AIIMS server attack.
Police said their investigation into the cyberattack led them to IP addresses which belong to Hong Kong and China’s Henan Province. These were used to encrypt system files in the five servers at AIIMS.
Multiple agencies are probing the matter. The Delhi Police’s IFSO (Intelligence Fusion & Strategic Operations) unit said it was only looking for the accused hackers and people involved in the cyberattack. Data restoration, server repair and system security do not fall under its purview.
A senior police officer said: “We have written to CBI since it is a central agency that can interact with Interpol. Interpol can then approach companies in China and Hong Kong to get details about the IP addresses. This is procedural. They will push international authorities… While the IP addresses show China and Hong Kong locations, it doesn’t necessarily mean the hackers are there. It could be a virtual server with a different location.”
The cyberattack took place on November 23. At least five servers at AIIMS containing data on OT operations, patient files, doctors’ data and other medical information were hacked and hospital systems were down for days. Data of more than 3-4 crore patients was compromised.
“We have been told the data encrypted was around 1-2 terabytes. However, officials have now started retrieving data and the 5 servers are active now,” added the officer.
The hackers also left a message with the encrypted emails seeking ransom.
Senior cyber cell officials said the note was shared with them and that they have registered a case of extortion and invoked sections of the Information Technology Act. The Computer Emergency Response Team is looking into the cyber security of the systems and into the systems that were hacked.