Indian Healthcare Urgently Needs a Robust Cyber-Security Framework
By Sandeep Kamble
India has proved itself to be the fastest-growing digital economies over the past few years and the recent pandemic has further enhanced this growth. One such prominent sector, which has gain rapid growth in digitisation after the COVID outbreak, is the Indian Healthcare segment. From e-consultations, guided video examinations, email prescriptions, and even e-retail of medicines, digital became a way of medical practice. And just like every other sector, digitization of Healthcare also involves extensive data collection, storage, and analytics, which is at the core of creating effective innovations in the sector.
This is of particular significance in times like COVID, which allows healthcare workers, medical practitioners, and governments to gain insights into disease patterns, outbreak severity, resistance, etc., based on socio-economic and demographic distribution – factors vital in case of innovating vaccines and drafting preventive strategies.
However, with such vast data reserves, digitization has also made healthcare a more vulnerable sector to cyber-attacks which can play havoc, compromising the discretion of patient records, and can lead to both financial frauds as well as a loss of life. As per industry estimates, stolen records commanded anywhere between US$50 to US$20,000 until only last year and India has seen a 37% increase in cyber-attacks in Q1 of 2020, as compared to Q4 of last year.
The Healthcare sector of India is currently rated as the sixth-largest market globally as predicted by Indian Pharmaceutical Congress, and it has also become a prominent target for cybercriminals.According to a report, Banks and Financial institutions – another emerging sector that is adopting digitization and has been a target of cyber-crimes in India, allocate up to 15-20% of their budget for IT security infrastructure. However, Hospitals allocate not more than 5% of their budget, making them increasingly ill-prepared to cyber-attacks.Apart from the numbers, the key factors leading to the urgent need for cyber-security in healthcare can be highlighted as under:
- Theft identification: In a country with a population like India, access to significant databases like Personal Identifiable Information (PII) and Personal Health Information (PHI) could help cybercriminals gain information like birth and death records and help facilitate identity thefts, which can lead to dire consequences. From pension and insurance claim benefits to shielding criminals, identity theft could be one of the most dangerous cyber-crimes.
- Financial Fraud: Vital financial and insurance information is a significant part of the healthcare database. Access to this could lead to organised financial frauds, false insurance claims, and even huge losses to individual patients as well as hospitals, who could potentially be robbed of the money.
- Risk of Patient Fatalities:With the rise in healthcare technologies that leverage Machine Learning, Artificial Intelligence, Blockchain, and Internet of Things (IoT), innovations like the Internet of Medical Things, medical implants, and support devices used as part of essential patient care, have shaped the digital healthcare market. The increased use of connected medical devices for location-based trackers and remote monitoring, especially during the time of the pandemic, has exposed a large amount of data and a number of individual patient lives to cyber-attacks, making them vulnerable to external control or even risk their wellbeing and life, in case of erroneous device usage or complete malfunction brought about by cyber-attacks.
- Hostage situation for Hospitals and Institutions:There have been instances of ransomware and malware attacks,where hospitals and medical institutes are held hostage, and important files and software are made unavailable to use until their ransom is paid off. This partial or complete control of hospital operationsjeopardises the critical medical care and treatment of 100’s or 1000’s of patients, especially during trying times like a pandemic.
- Intellectual Property: Lastly, the vast medical data can be stolen and traded off to multinational pharmaceutical companies who are competing for the development of cutting edge vaccines or even new innovations in medicine and immunology, thereby posing a grave threat to the Intellectual property of Indian research organisations as well as doctors.
While the Indian government has initiated the Healthcare Data Protection Law under the Ministry of Health and Family Welfare, the Digital Information Security in Healthcare Act (DISHA) is still under progress and may take a while before all relevant security measures can be implemented as a law. In the interim, hospitals and healthcare institutions, Paramedical services, and pharma and medical research organisations need to wake up to the urgent need of data protection and cybersecurity, if they wish to continue leveraging the best in technological advances, without financial and fatal risks.
If India is to retain its image as a country with robust medical and healthcare infrastructure and continue being a preferred choice for medical tourism, healthcare institutes need to position cybersecurity as an enabler of digital transformation, increasing investment in building up a security foundation.
(The author is Founder and CTO at SecureLayer7 and the views expressed in this article are his own)