Thiruvananthapuram, June 10 (FN Representative) The recent cyberattack on the Kerala-based Regional Cancer Centre (RCC) was state-sponsored and carried out by Russian hackers. An investigation reveals that the massive cyberattack on the servers of the Thiruvananthapuram RCC was a state-sponsored attack and originated in Russia, sources told UNI. For the last one and a half months, the cyber wing of the Kerala Police has been investigating the case, sources added. “This attack is specifically a crime under Section 66F of the IT Act—cyber terrorism. The functioning of several departments, including radiation, was crippled by the ransomware attack that took place on April 28. Following the incident, the hospital authorities received a ransom demand of USD 100 million from the hackers,” sources said. Additionally, sources disclosed that the hospital’s network security was woefully inadequate. A substantial number of used ports were not adequately configured to secure the RCC network, and many unused ports were left open.
“No layered security or 3-2-1 backup. The hackers gained access to the RCC servers by taking advantage of flaws in the firewall, a network security device. The cyber investigation wing acknowledged that the RCC network—rather than the internet—was the target of the attack.” Cyber experts hope the FIR may be updated appropriately, the sources said. “There were glitches in the firewall script, which affected the monitoring of the “egress” and resulted in data loss. This serious security flaw leading to patient data breaches may make RCC authorities liable to face legal ramifications under Section 43 of the IT Act and the DPDP Act 2023.” “The assertion that data has been recovered appears erroneous, as it has been understood that the data has been restored from magnetic tape backup storage. The RCC authorities have been repeatedly cautioned about their inadequate cyber security measures since the AIIMS cyber-attack in Delhi, but they have ignored these warnings due to a lack of awareness at the board level,” sources pointed out. Radiation treatment had to be stopped for several days as a result of the cyberattack, which had an impact on RCC’s ability to operate as a cancer treatment facility, even for patients from nearby states, sources added. “Additionally, it is likely that several Patients received incorrect radiation dosages, which resulted in casualties. It is said that the hackers took the information belonging to about 20 lakh patients.” The cyber experts expect that the quantitative loss may be assessed appropriately and updated in the FIR registered.