Cyber threat looms over healthcare industry

By OneIndia Staff Correspondent

Published: Wednesday, December 7, 2022, 16:22 [IST]

Add as a preferred source on Google

Besides the cyber attack on AIIMS Delhi, similar breaches were also reported in Delhi's Safdarjung Hospital, Sree Saran Medical Center in Tamil Nadu and Mumbai airport's Terminal 2

New Delhi, Dec 07: Within a week of the cyber attack at All India Institute of Medical Sciences or AIIMS in Delhi, there were several other breaches reported that have put the system under duress. Delhi's Safdarjung Hospital, Sree Saran Medical Center in Tamil Nadu and Mumbai airport's Terminal 2 are some of the recent victims of the cyber attack.

The attack at AIIMS is more concerning as it has led not only to a humanitarian crisis, but also the theft of data of high-profile personalities. In all five main servers were targeted. Further, data showed that there were over 1,600 searches on the Dark Web for stolen AIIMS data. The stolen data also included details of VVIPs, including politicians and celebrities.

In the case of servers down at Mumbai international airport, the spokesperson maintained that the disruption in the network was temporary and the internet services were back to normal. "There was a network interruption resulting from a cable cut during some construction work in the city. This interrupted the various ticketing systems. All systems are now restored and working," MIAL said in a statement. "As soon as the server went down our staff started issuing boarding passes manually to avert flight delays," said an official of an airline.

ICMR website had 6,000 hacking attempts in 24 hours
The server of the Indian Council of Medical Research (ICMR) faced around 6000 hacking attempts over a span of 24 hours but their attempts were foiled. News agency PTI reported that National Informatics Centre (NIC) prevented the cyber attack. "The contents of the ICMR website are safe. The site is hosted at NIC Data Centre, hence the firewall is from NIC which they regularly update. The attack has been prevented successfully," PTI reported quoting a government official.

The official said that hackers apparently from Hong Kong tried to attack the website on November 30.

Rise in Cyber attacks
Even as India's internet base continues to widen, a parallel rise in the frequency and the targets of cyber attacks has become a matter of huge concern. This has put a large amount of data at risk.

According to government data, there were 674,021 cyber security incidents reported this year up to June. According to data tracked by the Indian Computer Emergency Response Team (CERT-In), a total of 3,94,499, 11,58,208, and 14,02,809 cyber security incidents were reported in 2019, 2020, and 2021 respectively, reported news agency IANS.

Healthcare Industry second highest target of hackers

Homegrown cyber security firm Cloudsek that provide cyber threat intelligence to the Indian cybersecurity watchdog CERT-In, claimed in a report that, in the first four months of 2022, cyber attacks against the global healthcare industry rose by 95.3 per cent compared to the same period in 2021.

The Indian healthcare industry was the second highest globally in the segment with 7.7 percent of the attacks on the industry being witnessed in the country in 2021. The report further said that the number of cyber attacks also compromised over 71 lakh records.

Which healthcare segments are most vulnerable?

According to Forbes' report, the difficulty lies in the fact that there are many networks and digital complexes in any clinic or hospital: EHRs, e-prescribing and decision support systems, intelligent heating, ventilation, and air conditioning (HVAC), infusion pumps, medical internet of things (IoMT) devices, etc. All of them can be threatened by cyber criminals.

What can hospitals can do?

Given that hybrid warfare or coordinated physical and cyber-attacks is the future of warfare, many countries have built effective firewalls to protect their data. In the case of healthcare industry, the best way to minimize damage caused by a cyber attack is by following some safety measures:

Training on cybersecurity: Educating healthcare workers to avoid potential security breaches. According to an IONOS Cloud study, 40 per cent of the employees do not have cybersecurity expertise or knowledge of data protection. Therefore, professional and regular training on cybersecurity is essential. The employees should be able to recognize phishing emails.

Backup storage and restoration: Cyber attacks can damage and delete valuable patient information. So, the best way to to employ seamless backup, offline storage and restoration techniques. It should be routinely monitored, and weekly checks carried out to test restoration from back-up are error-free.

Monitoring of mobile and connected devices: Mobile phones, apps have become standard practice for doctors and administrative personnel. Hackers can steal information, passwords and smartphones themselves, hack connected devices, eavesdrop and even reconfigure them.

Biometrics: Use of Biometrics such as an eye scan or facial recognition to assess identification matters.