The cyber attack on the AIIMS, Delhi servers is suspected to have originated from locations in China and Hong Kong, official sources said on Wednesday.
Further details have been sought which can be obtained from companies in China and Hong Kong. The Delhi Police has written to the Central Bureau of Investigation (CBI), which will in turn obtain the information through Interpol, they said.
"As of now, the server attack is suspected to have originated from a location in China and a location in Hong Kong," an official source said.
The All India Institute of Medical Sciences, Delhi has around 40 physical and 100 virtual servers. Five have shown signs of virus infection. Data in the five servers is learned to have been retrieved.
AIIMS, Delhi faced a cyber attack on November 23 which paralysed its servers. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.
The internet services were blocked as per the recommendations of the investigating agencies.
Computer Emergency Response Team (CERT-In), Delhi cybercrime special cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, CBI, and National Investigation Agency, etc. are investigating the ransomware incident.
With the servers down, the hospital's outpatient and inpatient digital services, including smart lab, billing, report generation, and the appointment system, were affected.
Online services resumed partially from Tuesday, a hospital source said.