After ransomware attack, AIIMS pushes for maintaining cyber hygiene

Months after a cyber attack crippled medical services for many weeks at country’s premiere medical institute, the All India Institute of Medical Sciences (AIIMS), last week issued a standard operating procedure (SoP) for all of it’s medical staff including doctors, officials regarding use of pen drives.
The SoP issued on April 27 says that no pen drive, USB, or external storage media should be allowed to be connected on AIIMS network. The official communication from AIIMS accessed by CNBC-TV18 also directs use of official email id for official data transfer.
“Under no circumstances will USB be allowed on a system that needs access to e-hospital. Removable media (pen-drives/external hard disks etc) are a major source for spread of viruses and malicious software. Indiscriminate use of USB pen drives, external hard drives etc can put the user as well as the institute data at risk. It is the responsibility of all of us to ensure that we maintain cyber hygiene in use of USB drives such that the risk to the critical IT applications running at AIIMS is minimized and viruses do not spread on the AIIMS network” said the advisory.
For those systems not connected to AIIMS network or are connected to an open internet, the advisory said that only designated pen drives and external storage media shall be used and users are required to minimise the use of USB device belonging to outsiders.
The SoP warned that the advisory was to be followed on immediate basis and non-adherence to these directions will be viewed seriously and any lapse can call for a strict disciplinary action against the user.