Cyberattacks on India's Healthcare Sector: What Needs to Be Done to Bolster Cybersecurity Defenses?
To bolster cybersecurity defenses in India's healthcare sector, a number of steps need to be taken. Read on to know more about the real threats and how they can be managed using a joint efforts.
India has become a prime target for threat actors in recent years due to its large population, expanding internet user base, and rapid digital modernization. In recent years, we have witnessed cyber incidents across all sectors, including healthcare, which has become even more vulnerable due to its immense value and inherent vulnerabilities. For instance, personally identifiable information (PII) such as names, addresses, Aadhar, and insurance details can be exploited for identity theft or fraudulent financial activities, such as deceptive billing, obtaining prescription drugs, or extorting individuals with sensitive health conditions.
We spoke to Mr. Sandeep Peshkar, Senior Vice President, Arete, to understand what makes India's healthcare sector vulnerable to such cyberattacks, and what is the need of the hour.
India's Healthcare Sector: A Top Target for Cybercriminals
Ransomware attacks on healthcare institutions are not solely about financial gain; they are engineered to cause chaos and discontent. The repercussions are far-reaching when a healthcare provider becomes incapacitated for a week or more. Vital medical procedures are postponed, delaying critical surgeries and leaving patients stranded in hospitals without proper care. This breakdown in service delivery sparks panic and frustration among patients and their families, piling immense pressure on the institution to give in to the threat actors' demands.
- CoWIN Portal Blamed For Data Breach: What Cybersecurity Experts Have To Say
- The Pros and Cons of Digitization of Health Records
- India's Healthcare Ecosystem Demands A Robust Cybersecurity Infrastructure: Here’s What The Experts Say
How to Protect India's Healthcare Sector from Cyberattacks?
According to Arete's data, healthcare ranks fourth among all sectors targeted by ransomware attacks, accounting for 13% of the caseload. Phishing is the most common initial access technique observed in 50.5% of cases, highlighting the need for user training and promoting a culture of healthy skepticism. Implementing strong defensive measures such as software configuration, antivirus/antimalware, network intrusion prevention, and restricting web-based content can neutralize ransomware threats.
While the healthcare sector traditionally prioritizes patient care and operational efficiency over cybersecurity, outdated software, legacy systems, and inadequate investments in cybersecurity worsen the situation. It is thus crucial for healthcare providers to increase digital awareness and invest in the right cybersecurity tools driven by AI/ML to analyze vast amounts of data, thereby detecting patterns and identifying potential risks. These advanced technologies play a crucial role in enabling real-time threat detection, thereby minimizing security breaches' risk.
The rise of ransomware groups targeting hospitals and health systems has become a concerning trend. Beyond that, cyberattacks on pharmaceutical, medical technology, and life sciences companies have wreaked havoc on supply chains, manufacturing, and research, leading to massive financial losses.
These attacks have elevated the importance of cybersecurity to the board level in many health institutions. It's clear that cyber threats are no longer just an IT problem; they have become critical business challenges. This calls for a proactive approach to cybersecurity resilience.
By recognizing the value of healthcare data, implementing effective controls, and prioritizing cybersecurity investments, healthcare organizations can protect sensitive information and ensure the continuity of critical services. India's healthcare sector must collaborate with relevant stakeholders, adopt best practices, and remain vigilant in the face of evolving cyber threats.