The server of the All India Institute of Medical Sciences in New Delhi remained out of service for the seventh consecutive day on Tuesday even as official sources said e-hospital data has been restored on the servers.
The network is being sanitised before the services can be restored as all hospital services, including outpatient, in-patient, laboratories, continue to run on manual mode.
"The process is taking some time due to the volume of data and large number of servers/computers for the hospital services. Measures are being taken for cyber security," a statement issued by the All India Institute of Medical Sciences said.
A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations unit of the Delhi police on November 25.
Meanwhile, two system analysts were suspended by AIIMS on Monday after being served show-cause notices for alleged dereliction of duty.
Official sources said Internet services in the hospital are blocked as per the recommendations of the investigating agencies.
According to the official sources, the NIC e-Hospital at AIIMS is using 24 servers for various hospital modules and four of these servers were infected with ransomware --primary and secondary database servers of e-hospital, and primary application and primary database servers of Laboratory Information System.
Later, ransomware was also found in the elastic search virtual server. 1.4. All infected servers were isolated, they said.
Four new physical servers were arranged, including two from external agencies, for restoring e-Hospital applications.
The databases were restored on these four servers which have been scanned and the data is accessible.
Another four servers of NIC applications were scanned. Of these, viruses were found in two servers, they said.
"AIIMS has around 40 physical and 100 virtual servers. Five have shown signs of virus. These servers are also being set up for scanning and new servers with updated configurations are being purchased as most servers at AIIMS were end of life/end of support," the source said.
The antivirus has been manually installed on nearly 2,400 computers, the source said.
The CERT-In, Delhi cybercrime special cell, the Indian Cybercrime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation, National Investigation Agency, among others, are investigating the ransomware incident.
"Declaring AIIMS as a critical IT infrastructure for cyber security monitoring was discussed with the National Critical Information Infrastructure Protection Centre (NCIIPC) in a meeting held on Tuesday as AIIMS has very sensitive data. This will allow regular monitoring of cyber threats by various agencies," the official source added.