Cybercriminals hack server of Mysuru hospital, demand ransom in bitcoin to release data

MYSURU: At a time when there is a growing threat of ransomware attacks on hospitals across the globe, a private hospital in Mysuru is the latest victim. In the incident which has come to light after nearly 15 days, cybercriminals hacked the main financial server of the hospital gaining access to financial data and patient data.

The cybercriminals who have blocked access to the system by encrypting the data have demanded a ransom from the hospital in the form of bitcoin to release the data.

According to a complaint filed at the cyber crime police station, the incident was reported on November 14 when the hospital management received a pop up message on their system sent by a hacker claiming they had hacked the main financial server of the hospital and gained access to financial and patient data.

The hackers have said they would release the data only if a ransom in the form of bitcoin is transferred to the email ID sent by them, according to a complaint filed on November 19.

The cyber crime police registered a case based on the complaint and initiated the process to trace the location of the hackers.

“Cybercriminals attack a computer or network of hospitals with ransomware via email attachments that look genuine and legally sent by any organisation and pharmacy groups. They block access to the system or encrypt the data and would demand ransom money from the victims to decrypt it. As police can trace these criminals if the ransom money is paid via bank transaction, they have demanded it in the form of bitcoin,” said Dr Ananth Prabhu G, a cyber-security expert.

He said healthcare data is very sensitive as it contains medical history, which is very private and needs to be handled with care.

“It is very important for the hospital authorities to train their staff on cyber security. They need to have an updated version of anti-virus which can protect them. One needs to ensure that all email attachments are scanned before downloading, which can prevent such ransomware attacks,” he suggests.

Meanwhile, the private hospital management confirmed to TNIE that a ransomware attack was reported at their hospital but denied that patient data was leaked. The investigation team revealed that an FIR has been registered under the Information Technology Act-2020 under section 65 and 43.

City police commissioner Dr Chandragupta told TNIE that an FIR has already been registered in this regard. “We have sent an email to the concerned authorities after finding the domain registered by the cybercriminal who had sent the email. We are expecting cooperation from them and the investigation will happen based on it. Since the hospital had a backup, they are using it and functioning,” he said.  

Sources revealed that the attack might have been done by a cybercriminal from Germany as the IP address has been traced to a location there.