How the Indian healthcare industry safeguard against cyber threats
Article by Sandeep Kamble- Founder & CTO- SecureLayer7
The Indian healthcare sector is one of the fastest growing sectors in the country and is estimated to reach a market size of USD 320 Million, by 2022. Along with supportive government policies, accelerated technology adoption and leveraging emerging tech innovations, across the country, is one of the key drivers of growth for the sector. From robotics and AI to ML, IoT, Nanotech, and 3D Printing, the Indian health tech is fast progressing to become world leaders. The pandemic has further accelerated digital adoption across smaller, non-urban health service providers, making it accessible to masses. As per a report by the CII, the global health-tech sector is expected to grow upto $297 billion by 2022, registering a CAGR of 13.2 percent from 2016 to 2022.
Additionally, a recent report by health-tech start-up Practo, states that upto 5 Cr. Indians have turned to the virtual medium for some or the other health care need, between March 1 and May 31, 2020, during the national lockdown, recording a 500% jump in online doctor consultations. The report also states that up to 80% of the respondents were trying the e-consultations for the first-time and 44% were from non-metro cities.
However, with this rise in tech adoption, the sector is increasingly being vulnerable to cyber-attacks and frauds. India continues to remain the second largest country to face cyber-attacks and has already seen a 37% increase in cyber-attacks in the first quarter (Q1) of 2020. Also, upto 73% of all cyber-crime recorded, as per a report by KPMG, can be attributed to malware (KPMG 2017), and Ransomware, both of which have been particularly impacting the healthcare industry.
Cyber-attacks and frauds ranging from Identity theft, Financial fraud, Malware, and Phishing to even serious threats like hostage situation in healthcare institutions and compromise on Intellectual property and confidential research findings, etc., have been severely plaguing the Indian Healthcare Industry. Moreover, hospitals in India allocate not more than 5% of their budget, making them increasingly ill-prepared to cyber-attacks. Listed below are key initiatives and actions that the Indian healthcare sector can incorporate, to counter cyber-attacks:
- Integrating security into medical devices:
With the increasing number of medical tech devices and the use of IoT, ML and AI across various streams of diagnostics, preventive and remedial medicine, it has become vital to ensure the integrated safety of these connected devices, as they could mean a matter of life and death for patients.
- Awareness and training about cybersecurity:
The lack of cybersecurity awareness continues to be one of the strongest reasons why cyber frauds and crimes are so prevalent. Building a task force, within the organisation, that can help practice due diligence, be vigilant and identify or report a cyber-threat in time, can go a long way in controlling or avoiding cyber-attacks.
- Regular Security Testing and Risk Assessment:
This is another most significant aspect of creating a robust cybersecurity infrastructure. Most institutions, including healthcare centres, do invest in recommended cybersecurity infrastructure, however, they fail to ensure regular security testing and risk assessment. This is extremely vital, given that new patent data, equipment, repairs and are added on a daily basis. Additionally, with remote access, and use of mobile friendly applications to check updates and reports, has given rise to end point security vulnerabilities which need to be effectively monitored and fixed regularly. Penetration or Pen test, which mimics a cyber-attack, to actually find loopholes and fix them proactively, is another important defense mechanism used for effective cyber security maintenance. Taking tips from the American HIPPA model of compliance and data security, a regulatory framework for institutions, that describes stringent guidelines for safeguarding patient data and financial information, is the need of the hour.
- Information sharing on threats and mitigation:
As a sector, one of the most significant steps towards building an effective cybersecurity ecosystem, is information sharing about industry specific threats, weaknesses or to highlight specific incidents and discuss the mitigation of the same. By highlighting and sharing information of individual cyber-attack incidents, on an industry platform, can help members be more aware, vigilant and work together to create a robust approach to the healthcare-focused cyber-attacks.
Although nascent, the data privacy and cybersecurity awareness in the Indian Healthcare Sector is steadily rising and with effective education, awareness, and means to handle the rising cyber threats and data breaches. As technology innovations continue to enhance and disrupt the way healthcare is provided, more and more lives will start depending on the new technology-driven infrastructure for their basic wellness and even their lives. Under such circumstances, it is vital to ensure the process and the devices are secure and not vulnerable to foreign cyber-attacks.