Hackers allegedly tried to breach the website of the apex health research body ICMR but their attempts were foiled, government officials said on Tuesday.
The attempted attack on the ICMR website was prevented by the firewall/security measures of NIC, they said, adding further steps are being taken to enhance cyber security.
The hacking attempts come close on the heels of the alleged ransomware attack that had paralysed online services at the AIIMS here.
The officials said that hackers apparently from Hong Kong targeted the website of the Indian Council of Medical Research around 6000 times in a span of 24 hours on November 30.
“The contents of the ICMR website are safe. The website did not witness any downtime.
“The site is hosted at NIC Data Centre, hence the firewall is from NIC which they regularly update. The attack has been prevented successfully by the firewall/security measures of NIC,” the official said.
In the wake of the hacking attempts, the Secretary of the Department of Health Research (DHR) and Director General of ICMR, Dr Rajiv Bahl, reviewed cyber infrastructure and security practices at ICMR on December 2, an official source said.
“It was briefed that the website of ICMR is hosted in the National Informatics Centre (NIC) cloud after a security audit by a CERT-IN empaneled agency. The website is protected by NIC firewall and other security measures.
“The ICMR also in-house hosts web and data portals of various programs of ICMR. The in-house infrastructure is protected by a customized open-source firewall (PFSense). Further, inbound and outbound internet traffic is strictly controlled and regularly monitored for any suspicious activity on all the active interfaces,” the source said.
The Secretary, DHR directed that in light of the recent attack on AIIMS and other medical institutions, cyber-infrastructure security, particularly web portals and data, needs to be enhanced at ICMR.
It was decided that following best practices, the critical web and data portals will be migrated to Government Community Cloud (GCC).
A request for proposal (RFP) for procuring GCC is already being prepared and is in the final stages, the source stated.
A proposal for developing an ICMR Data Centre (Delhi and Chennai) and a Disaster-Recovery site (Bangalore) is being developed on a turnkey basis.
A network security audit of ICMR and various locations will be executed on an urgent basis, the source said.