Why the Indian Healthcare Sector Urgently needs a Robust Cybersecurity Infrastructure
Sandeep is an information security professional having an experience of over nine years. He has worked towards building a stable and reliable cybersecurity firm with several success stories.
India has proved itself to be the fastest-growing digital economies over the past few years and the recent pandemic has further accelerated this growth. One such prominent sector, which has gain rapid growth in digitisation after theCOVID outbreak, is the Indian Healthcare segment. From e-consultations, guided video examinations, email prescriptions, and even e-retail of medicines, digital became a way of medical practice. And just like every other sector, digitisation of Healthcare also involves extensive data collection, storage, and analytics, which is at the core of creating effective innovations in the sector. This is of particular significance in times like COVID, which allows healthcare workers, medical practitioners, and governments to gain insights into disease patterns, outbreak severity, resistance, etc., based on socio-economic and demographic distribution – factors vital in case of innovating vaccines and drafting preventive strategies.
However, with such vast data reserves, digitisation has also made healthcare a more vulnerable sector to cyber-attacks which can play havoc, compromising the confidentiality of patient records, and can lead to both financialfrauds as well as a loss of life. As per industry estimates, stolen records commanded anywhere between $50 to $20,000 until only last year and India has seen a 37 percent increase in cyber-attacks in the first quarter (Q1) of 2020, as compared to the fourth quarter (Q4) of last year.
The Healthcare sector of India is currently rated as the sixth-largest market globally as predicted by Indian Pharmaceutical Congress, and it has also become a prominent target for cybercriminals. According to a report, Banks and Financial institutions – another emerging sector that is adopting digitisation and has been a target of cyber-crimes in India, allocate upto 15-20 percent of their budget for IT security infrastructure. However, Hospitals allocate not more than five percent of their budget, making them increasingly ill-prepared to cyber-attacks. Apart from the numbers, the key factors leading to the urgent need for cyber-security in healthcare can be highlighted as under:
1.Identity Theft: In a country with a population like India, access to significant databases like Personal Identifiable Information (PII) and Personal Health Information (PHI) could help cybercriminals gain information like birth and death records and help facilitate identity thefts, which can lead to direconsequences. From pension and insurance claim benefits to shielding criminals, identity theft could be one of the most dangerous cyber-crimes.
2.Financial Fraud: Vital financial and insurance information is a significant part of the healthcare database. Access to this could lead to organised financial frauds, false insurance claims, and even huge losses toindividual patients as well as hospitals, who could potentially be robbed of the money.
3.Risk of Patient Fatalities: With the rise in healthcare technologies that leverage Machine Learning, Artificial Intelligence, Blockchain, and Internet of Things (IoT), innovations like the Internet of MedicalThings, medical implants, and support devices used as part of essential patient care, have shaped the digital healthcare market. The increased use of connected medical devices for location-based trackers and remote monitoring, especially during the time of the pandemic, has exposed a large amount of data and a number of individual patient lives to cyber-attacks, making them vulnerable to external control or even risk their wellbeing and life, in case of erroneous device usage or complete malfunction brought about by cyber- attacks.
4.Hostage situation for Hospitals & Institutions: There have been instances of ransomware and malware attacks, where hospitals and medical institutes are held hostage, and important files and software are madeunavailable to use until their ransom is paid off. This partial or complete control of hospital operations jeopardises the critical medical care and treatment of 100s or 1000s of patients, especially during trying times like a pandemic.
5. Intellectual Property: Lastly, the vast medical data can be stolen and traded off to multinational pharmaceutical companies who are competing for the development of cutting edge vaccines or even new innovations in medicine and immunology, thereby posing a grave threat to the Intellectual property ofIndian research organisations as well as doctors.
While the Indian government has initiated the Healthcare Data Protection Law under the Ministry of Health and Family Welfare, the Digital Information Security in Healthcare Act (DISHA) is still under progress and may take a while before all relevant security measures can be implemented as a law. In the interim, hospitals and healthcare institutions, Paramedical services, and pharma and medical research organisations need to wake up to the urgent need of data protection and cybersecurity, if they wish to continue leveraging the best in technological advances, without financial and fatal risks.
If India is to retain its image as a country with robust medical and healthcare infrastructure and continue being a preferred choice for medical tourism, healthcare institutes need to position cybersecurity as an enabler of digitaltransformation, increasing investment in building up a security foundation.
India has proved itself to be the fastest-growing digital economies over the past few years and the recent pandemic has further accelerated this growth. One such prominent sector, which has gain rapid growth in digitisation after theCOVID outbreak, is the Indian Healthcare segment. From e-consultations, guided video examinations, email prescriptions, and even e-retail of medicines, digital became a way of medical practice. And just like every other sector, digitisation of Healthcare also involves extensive data collection, storage, and analytics, which is at the core of creating effective innovations in the sector. This is of particular significance in times like COVID, which allows healthcare workers, medical practitioners, and governments to gain insights into disease patterns, outbreak severity, resistance, etc., based on socio-economic and demographic distribution – factors vital in case of innovating vaccines and drafting preventive strategies.
However, with such vast data reserves, digitisation has also made healthcare a more vulnerable sector to cyber-attacks which can play havoc, compromising the confidentiality of patient records, and can lead to both financialfrauds as well as a loss of life. As per industry estimates, stolen records commanded anywhere between $50 to $20,000 until only last year and India has seen a 37 percent increase in cyber-attacks in the first quarter (Q1) of 2020, as compared to the fourth quarter (Q4) of last year.
The Healthcare sector of India is currently rated as the sixth-largest market globally as predicted by Indian Pharmaceutical Congress, and it has also become a prominent target for cybercriminals. According to a report, Banks and Financial institutions – another emerging sector that is adopting digitisation and has been a target of cyber-crimes in India, allocate upto 15-20 percent of their budget for IT security infrastructure. However, Hospitals allocate not more than five percent of their budget, making them increasingly ill-prepared to cyber-attacks. Apart from the numbers, the key factors leading to the urgent need for cyber-security in healthcare can be highlighted as under:
1.Identity Theft: In a country with a population like India, access to significant databases like Personal Identifiable Information (PII) and Personal Health Information (PHI) could help cybercriminals gain information like birth and death records and help facilitate identity thefts, which can lead to direconsequences. From pension and insurance claim benefits to shielding criminals, identity theft could be one of the most dangerous cyber-crimes.
2.Financial Fraud: Vital financial and insurance information is a significant part of the healthcare database. Access to this could lead to organised financial frauds, false insurance claims, and even huge losses toindividual patients as well as hospitals, who could potentially be robbed of the money.
3.Risk of Patient Fatalities: With the rise in healthcare technologies that leverage Machine Learning, Artificial Intelligence, Blockchain, and Internet of Things (IoT), innovations like the Internet of MedicalThings, medical implants, and support devices used as part of essential patient care, have shaped the digital healthcare market. The increased use of connected medical devices for location-based trackers and remote monitoring, especially during the time of the pandemic, has exposed a large amount of data and a number of individual patient lives to cyber-attacks, making them vulnerable to external control or even risk their wellbeing and life, in case of erroneous device usage or complete malfunction brought about by cyber- attacks.
4.Hostage situation for Hospitals & Institutions: There have been instances of ransomware and malware attacks, where hospitals and medical institutes are held hostage, and important files and software are madeunavailable to use until their ransom is paid off. This partial or complete control of hospital operations jeopardises the critical medical care and treatment of 100s or 1000s of patients, especially during trying times like a pandemic.
5. Intellectual Property: Lastly, the vast medical data can be stolen and traded off to multinational pharmaceutical companies who are competing for the development of cutting edge vaccines or even new innovations in medicine and immunology, thereby posing a grave threat to the Intellectual property ofIndian research organisations as well as doctors.
While the Indian government has initiated the Healthcare Data Protection Law under the Ministry of Health and Family Welfare, the Digital Information Security in Healthcare Act (DISHA) is still under progress and may take a while before all relevant security measures can be implemented as a law. In the interim, hospitals and healthcare institutions, Paramedical services, and pharma and medical research organisations need to wake up to the urgent need of data protection and cybersecurity, if they wish to continue leveraging the best in technological advances, without financial and fatal risks.
Hospitals allocate not more than five percent of their budget, making them increasingly ill-prepared to cyber-attacks
If India is to retain its image as a country with robust medical and healthcare infrastructure and continue being a preferred choice for medical tourism, healthcare institutes need to position cybersecurity as an enabler of digitaltransformation, increasing investment in building up a security foundation.
