KEM Hospital is the one of the largest tertiary hospitals in the city
KEM Hospital is the one of the largest tertiary hospitals in the city

Even as 74 countries round the globe are dealing with a sophisticated ransomware cyber attack, locally, patients at one of the largest tertiary hospitals are being subjected to a vulnerability of the silliest variety. At KEM Hospital, with ATMs running dry and no wireless card machine, the pharmacy is expecting customers to simply hand over their debit cards and their PINs to a stranger behind the counter, or else figure out a way to pay in cash.

On May 15, this reporter went to verify the reports out of the hospital, and headed to the pharmacy inside KEM, only to be met with a serpentine queue.

mid-day also spotted the man at the counter seeking the customers' debit cards and making them write their PINs on a piece of paper. When some refused, they were asked to simply pay in cash — which at the time was not possible considering the ATM machines in the premises are all running dry.

Also read - Ransomware attack: RBI issues advisory to banks to update software at ATMs

Justifying the demand
When a patient questioned the absurd practice, one of the attendees replied, "We don't have wireless card machines, so we have to take it to another counter to swipe," adding, "A wireless swipe machine becomes costlier for patients, as the charges go up and the patients start shouting about it, so we do this."

However, cyber experts say that the practice of making patients write down their ATM pins makes them vulnerable to cyber crime or card siphoning.

Saumya Pandey, IT professional
Saumya Pandey, IT professional

Patients miffed
Saumya Pandey, an IT professional, was at the KEM Hospital for dental treatment when she was made to hand over her pin.

"I tried to withdraw money from the ATM in the hospital, but as it is dysfunctional, I decided to pay through my card. I was shocked when they asked me for my pin number after taking my card. Then one of the pharmacists went to another counter inside the emergency ward and swiped my card."

"But I have never seen such a thing. Also, it is so risky, but since I didn't have the money, I was left with no option," she said.

Reportedly, the swipe machine was installed in the hospital after demonetisation, but patients question how the hospital can condone this practice of demanding pins from customers.

Experts weigh in
Meanwhile, disputing the hospital pharmacy's claim that there is a surcharge for wireless machines, bankers refute the charge and say that it is not the practice.
A senior official from cyber cell added that though not illegal, the practice is not recommended because it is extremely risky.

Cyber expert, Ritesh Bhatia also said, "Firstly, no one has the right to ask for the PIN. How can you trust the person who is taking your card? It takes a second to make a copy of the card. Now if the person also knows the PIN, he can clone it and use it later."

He added, "Additionally, as most patients at KEM are from a poor and technologically challenged background, they may also not know how to change their make, making them even more susceptible. This is irresponsible."