The medical and pharmaceutical sectors in India are nowhere near their international counterparts in efforts to safeguard data security.

Over the years, the global healthcare sector has borne the brunt of numerous cyberattacks such as the WannaCry ransomware campaign in 2017 that forced the National Health Services (NHS) in the United Kingdom to stop all its services; emergency room doors were shut in the United States; and even those with a dire need for treatments were turned away.

India, one of the most affected countries in this security breach, has seen its fair share of cyberattacks: a notable one being the leak of nearly 35,000 electronic medical records from a Maharashtra-based pathology lab. The development of cloud technology, wearable medical devices, the ability to track individuals’ own health metrics, and the requirement for social distancing have necessitated that medical consultations go online.

As the healthcare industry here grows to rely on technology and digitalization, it is increasingly becoming a target of ransomware. The health data related to a patient’s conditions, billing details, insurance and other personal information are of high value in the black market. Therefore, both the patients and the organizations are becoming a vulnerable to malware, ransomware and phishing attacks.

Yet, despite the rise in threats, cybersecurity awareness in India’s medical is still not adequate. Even though hospitals have their own IT department to tackle these issues, comprehensive cybersecurity measures have not been implemented in the sector.

Healthcare data security woes

According to Biju Velayuthan, Chief Information Officer at the Coimbatore-based G. Kuppuswamy Naidu Memorial Hospital: “A major issue in the sector is the mindset. Most organizations believe data theft would not happen. When positive changes are happening all over the world, Indian hospitals still question the need to safeguard their data.”

Cyberattacks do not happen overnight; they are well-planned. The more vulnerable a sector is, the more it would be vulnerable to such attacks. Velayuthan also pointed out that in India, medical data is not stored in the cloud, but confined to data center within the country. Therefore, organizations tend to believe that they are not exposed. He argues that the sector is not integrated as a whole, whereas international data repositories are a part of the government mandate. When there is a clear mandate on a common data repository, the sector would bolster its data protection, Velayuthan said.

Same situation in the Pharma sector
The pharmaceutical sector here faces the same cybersecurity threats. The issue here starts with the budget allocation and upgrading to newer technology. Saravanan Narayanasamy, Director of VIBS Infosol, said: “Some companies use an old and outdated version of security software that makes updating to newer technology difficult. We typically spend months trying to convince an organization for the budget for a higher quality, but costlier security software.”

Narayanasamy, who works closely with the pharma companies, mentions that only a few top names in India have robust data security in place. The rest opt for cheaper version of firewalls that are good enough for only basic infrastructure security. These cannot withstand the latest, sophisticated attacks. “Companies are focused on protecting only the production floor and not the users,” he noted. “This allows their servers to be hacked and mined for Bitcoins.”

There have been ransomware attacks in the sector, yet the organizations have not updated to better quality software, Narayanasamy lamented. For the industry to protect itself, it has to be open to newer technology for enhanced security.

Much room ahead for improvement
In the developed countries, cybersecurity and data protection are the topmost priority. According to Vijay Anand Bernard Shaw, Vice-President, Global IT&IS, CorroHealth: “Data stored in the Indian healthcare sector is not deemed very critical and not as integrated as it is in the US, where it is mandatory for hospitals to store prescriptions and data in the cloud. In India, prescriptions are still paper-based.”

Bernard Shaw, who deals with hospitals and hospital channels in the US, added: “The Indian healthcare and pharmaceutical sectors have a long way to go to ensure the users’ data remains safe and out of reach of hackers and other online miscreants.”