Harikrishna Prabhu, COO, TechnoBind Solutions
What is the cost of data breaches for India? According to a study, as of July 2022, the average cost of a data breach in India went up to an all-time high of ₹17.5 crores a 6.6% increase from last year. The question is however what is the real cost of a data breach, the answer is – loss of trust and brand value; set back to digital advancement and acceptance; general mistrust of technology. The ransomware attack on one of India’s premier healthcare institutes AIIMS Delhi made the common man question the digitalization of the healthcare sector.
This particular ransomware attack brought down nearly 5 of the hospital’s servers halting all the digital work and forcing the staff to work manually including checking the patients in and out. The biggest hit however was the suspected data encryption of nearly 1.3 TB belonging to the patients. According to various media reports, the initial prognosis of the attack said this incident occurred due to the lack of robust cybersecurity infrastructure.
This hampers the purpose and progress of the sector’s digitization process
The Indian government’s Ayushman Bharat Digital Mission (ABDM) is built to provide a digital health ID to every citizen in the country where health records can be saved securely in digital format. But the increasing and repeated attack similar to that of AIIMS Delhi has made people skeptical about trusting medical data in digitized formats and there is a good reason for it too. As per a data published, in 2022 alone till the month of November India’s healthcare vertical has suffered 1.9 million cyberattacks. As healthcare is a critical infrastructure the threat actors seem to have found this to be a lucrative vertical to take advantage of. The right way is to act rather than react. CERT-In noted a 51% increase in the number of ransomware attacks, including on critical infrastructure in 2021. Currently, the safety of a patient’s data will depend on how safe the hospital servers are. The evident lack of awareness about cyber risks and the use of legacy technologies have contributed immensely to the healthcare sector’s vulnerability.
The solution is an 8-step recalibration of the current cybersecurity infrastructure
- Assess and analyze the current state of the cybersecurity infrastructure in individual hospitals and hospital chains
- Understand the capacity of what the organization needs and put in place cybersecurity solutions relevant to the organization
- Regularly update the software patches and encrypt data
- Conduct frequent training of the staff and random audit exercises to check on any malfunction lacking in the deployed protocols
- Control, limit and manage access to the staff, 3rd party and the leadership teams
- Create a backup, restore and response plan
- Enabling multifactor authentication and biometrics
- Restrict access to external endpoint devices like personal mobile phones, laptops and desktops of healthcare staff