India health data facing rising risk of cyberattacks

The Indian healthcare sector is under the constant Cyberattacks, resulting in sensitive data leaks, significant financial losses, disruption of operations, and damage to hospital's goodwill. The healthcare industry in India has faced 1.9 million cyberattacks in 2022 till November 28. India was the biggest target for cyberattacks after the United States in 2021 and 2022, with nearly 500 attacks last year, an increase of nearly a fourth. It has also brought with it new challenges in cybersecurity.

We have witnessed the incidents of Sun Pharmaceuticals' attack, AIIMS cyber-attack happened twice, and Safdarjung Hospital's hacking attack, putting the spotlight on the need

for stronger cybersecurity infrastructure in the healthcare industry. A report says, AIIMs Security and IT infrastructure is managed by the Doctors but not the experts into cyber security. Whereas, the IT professionals have to take up this job.

Now the question is, is the Government thinking seriously to privatise the facilities in AIIMS (All India Institute of Medical science) and if it is so, Does Privatization Serve the Public Interest?

Last year, responding to reports of breaches of data from India's CoWIN vaccine portal, the head of the National Health Authority, RS Sharma, said that it had "state-of-the-art security infrastructure and has never faced a security breach." Whereas, Sharma's own personal data was exposed in a massive leak of CoWIN data via the Telegram app. Officials first denied a breach had taken place, then days later, Delhi police said they had arrested two individuals in relation to the leak.

The recent breaches of health data are particularly concerning, as they leave individuals vulnerable to scams, harassment and discrimination without remedy in the absence of a data protection law in the country.

Under the ambitious Digital India programme, there is increasing digitisation of data and services in the country. The national digital health mission that aims to link individual health records to a unique ID similar to the Aadhaar ID, has raised concerns about data security and the potential for misuse. There is a question of how effective the bill will be? and whether government agencies will be exempt from accountability in case of a breach?

Going forward, the more the data, the more it can be abused. If you can access the entire medical history of individuals, imagine how valuable that is for the private sector; how will it be protected from misuse, remains a question mark .

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA