An overwhelming increase in cyberattacks is prompting hospitals across India to ramp up their security infrastructure. Experts said the widely-publicised cyberattack on the All India Institute of Medical Sciences (AIIMS) in November was a wake-up call for the industry, leading hospital executives to sharpen focus on security solutions that could strengthen their systems. Cybersecurity firms also said that queries and subscriptions from the healthcare industry have grown since the AIIMS attack.
“There has been a significant surge in demand for cybersecurity solutions in the healthcare sector, with inquiries escalating by 10x-15x,” said Amit Chaudhary, vice president of IP and cyber security at Airtel. Sanjay Katkar, joint managing director and chief technology officer at Quick Heal Technologies, a cybersecurity software firm, said there has been an increase in conversations with hospitals in the last 12 months.
Cyberattacks in the healthcare sector surged 60% in 2022, as compared to the previous year, according to CheckPoint Research. Another cybersecurity firm, IndusFace reported that India was the second-most targeted country after the US in terms of attacks on the healthcare sector last year. It said 278,000 of a million attacks detected on its healthcare customers every month in 2022 were from India.
“The healthcare sector is looking forward to understanding newer cyber security technologies like Endpoint Detection and Response (EDR/XDR), and zero trust user access tools, to replace the old traditional approach of virtual private networks (VPNs) and individual antivirus protections for their endpoints,” said Katkar.
Essentially, hospitals earlier relied on installing security software on electronic devices, and using VPNs to allow doctors and staff to remotely access a hospital’s systems. Now, these are being strengthened with newer tools that focus on verification of identification through more stringent controls to make it harder to penetrate for a hacker.
For instance, R.S. Nehra, Principal Consultant, Cyber Security at Aakash Healthcare, said the hospital has made several upgrades in the past few months. This includes implementation of multi-factor authentication for all employees, which ensures that only authorised individuals have access to sensitive data. The hospital has also upgraded its firewalls and intrusion detection mechanisms to strengthen network security.
“We have seen a significant improvement in our overall cybersecurity posture, as a result of these upgrades. Our systems are better equipped to detect and prevent cyber-attacks, and our employees are more aware of potential threats and best practices for maintaining data security,” Nehra said.
Further, Shikha Sharma, Head of Information Technology (IT) at Delhi’s PSRI Hospital said the hospital has deployed new and upgraded solutions. The hospital has implemented an “advanced firewall” that offers “advanced threat protection” — a security industry term used to describe solutions that combine cloud security, email security and more to provide protection from complex malware, phishing campaigns etc.
PSRI has also deployed new software on machines connecting to its network, which helps segregate the network for different departments, and makes it more difficult for hackers to compromise an entire hospital’s data by penetrating one department. This software, called endpoint detection and response (EDR) software, works on laptops and desktops, servers, and more and alerts tech teams when it detects suspicious activity.
Nandkishor Dhomne, chief information officer of Manipal Hospitals, said it has upgraded firewalls on all of its group hospitals and conducted detailed assessment of its security landscape to plug possible gaps.
