Moscow departments will purchase EMIAS support services for 665 million rubles

The procurement list of the Moscow Department of Information Technology contains 22 copies of an electronic copy of the information security event management tool, 64 copies of the information security process automation tool, and 11 copies of the tool for protection against unauthorized access to information. All goods must bear the Positive Technologies trademark without permission to supply equivalents. The recipient of the products will be the IAC. The rights to use the software provided by the future contractor must be valid for three years from the date of installation of the programs. The delivery itself must be completed within 15 calendar days from the date of conclusion of the contract.

The technical task attached to the IAC tender states that the purpose of providing the purchased services is a technical examination of the quality of the EMIAS software and an analysis of the compliance of this indicator with the standards stated in the design and operational documentation. The work involves several types of testing: regression, automated regression, installation and performance testing. The most labor-intensive service, according to the customer, will be testing the installation of integration interactions between adjacent systems - one unit of such a procedure may require 65 people/hour. All services must be completed within 730 days.

Positive Technologies JSC, under whose trademark the Moscow Department of Information Technology purchases products, was registered in 2007 in Moscow, according to SPARK-Interfax. The company's website states that it was founded in 2002. The operator develops products, solutions, and services for "effective cybersecurity." Positive Technologies, in particular, provides services to companies in the energy sector (Rosenergoatom Concern JSC), the financial sector (Moscow Credit Bank PJSC, VTB Bank, the Central Bank of the Russian Federation), and government agencies (the Ministry of Internal Affairs, the Ministry of Foreign Affairs, the Ministry of Defense, the Government of Moscow).

The announcement of the thematic procurement coincided with a statement by the hacker group Silent Crow. On July 20, the Telegram channel of the same name reported that the organization had received "full access to the MIS network serving residents of Moscow and the Moscow region." Potential attackers estimated the total volume of downloaded data at 17 TB. As indicated by Silent Crow, the array included personal data of patients, outpatient cards, visit histories, diagnoses, test results, prescriptions, treatment plans, internal IDs of medical personnel, logins, access rights, as well as technical documentation and access keys to services. Earlier in the week, the group also claimed responsibility for the failure in the work of Aeroflot - experts estimated the damage at $ 10-50 million.

At the moment, neither Moscow nor Moscow region departments have commented on the situation. Vademecum sent a request for official confirmation or denial of the information about the data leak to the Moscow Department of Health and the Ministry of Health of the Moscow Region.

In early July 2025, the developer of information security solutions Servicepipe reported that the number of significant cyberattacks using bots that can lead to resource disruption and data loss in the first half of 2025 in medical technology increased by 26% and reached 339 thousand. For the whole of 2024, analysts recorded 554 thousand attacks. According to Positive Technologies specialists, every 15-20th successful attack is on medical sector organizations.