AIIMS Delhi Ransomware Attack: India’s Leading Hospital Still Recovering After Cyber Assault Linked to Chinese Hackers
Executive Summary
Weeks after a major ransomware attack crippled key digital services, AIIMS Delhi, one of India’s top healthcare institutions, continues to face disruptions, with several critical systems still not fully restored. The attack, linked to Chinese hacking groups, severely affected patient care, administrative operations, and access to essential medical services.
AIIMS Delhi Continues to Grapple with Cyber Aftermath
The All India Institute of Medical Sciences (AIIMS) in Delhi, India’s premier healthcare institution, is still struggling with the aftermath of a severe ransomware attack that occurred several weeks ago. While certain services have been gradually restored, the hospital’s core digital infrastructure remains only partially functional. The initial cyber assault crippled critical servers responsible for patient registration, appointment scheduling, billing, and laboratory operations — causing significant disruption to patient care and administrative workflows across the facility.
Investigations into the incident have indicated possible links to Chinese hacking groups, though final confirmation and detailed attribution are still under review by law enforcement agencies and cybersecurity experts. The attack exposed the vulnerability of India’s healthcare systems to sophisticated cyber threats. The large volume of patient records that became inaccessible during the incident raises concerns about medical data privacy and the possible misuse of sensitive information.
The extended recovery timeline at AIIMS Delhi highlights the urgent need for stronger cybersecurity measures across critical national infrastructure. Hospitals and healthcare organizations in India should prioritize advanced threat detection, end-to-end ransomware protection, robust data recovery frameworks, frequent security audits, and continuous cybersecurity training for staff. This incident serves as a powerful reminder that ransomware attacks can cause long-term operational challenges, affecting public health delivery far beyond the initial system compromise.
