Government's Role In Strengthening Cybersecurity In Healthcare
An IIM Ahmedabad alumnus, Vinod is a growth-oriented business professional with over three decades of experience across the business development, sales & marketing and corporate strategy verticals. Siliconindia recently got a chance to interact with Vinod, who shared his insights on data security and privacy in the healthcare ecosystem, currently among the most discussed matters in boardroom meetings across healthcare businesses. Read on to know more about this topic.
Tell us about the evolution of cybersecurity in the healthcare industry in recent times.
In today’s rapidly evolving business landscape, the requirements in terms of cybersecurity are different from both the industry and business points of view. According to recent statistics, around a million attacks happen on an organization each year, and the number of password attacks per day stands at 29. Thus, in terms of cybersecurity, the demand today is more around targeted attacks, as the intensity of these attacks is expected to further increase in the coming due to the cyber criminals taking due advantage of the ongoing geopolitical crisis globally. Healthcare being a largely public-driven industry and part of the social cause initiatives that the government undertakes, there is no doubt it will be among the most targeted sectors for cyber-attacks globally. Most importantly, healthcare organizations have now realized that cybersecurity is a continuous ongoing journey with no end point. As a result, most organizations are increasingly relying on third-party managed service providers like us to take care of their end-to-end cybersecurity needs.
What are some of the key data security measures hospitals must have in place while offering remote patient care?
Although the concept of remote patient care is still in its nascence in India, the introduction of 5G will no doubt enhance the adoption of remote healthcare practices to a great extent. The 5G coverage, which is currently limited to tier-I and a few tier-II cities, is slowly expanding across other regions as well. While this is a very welcome sign, the traditional attack surface, which was earlier limited to only healthcare organizations’ corporate networks, will now be broadened extensively. As a result, not only are the possibilities of cyberattacks on healthcare organizations much higher now, but they are also more advanced than ever before. Thus, organizations are increasingly adopting zero trust policies, wherein the identity of every individual accessing the company network is analyzed thoroughly and given only those access rights which are necessary for him/her to complete their tasks. For instance, an individual whose job requires him/her to deal with category-A data is allowed to access only that and restricted from accessing other categories of data.
How can the government strengthen regulatory policies around handling patient data?
While there are already very stringent regulatory policies and frameworks around handling healthcare data, the introduction of the Digital Personal Data Protection (DPDP) Act last year has further strengthened the cybersecurity landscape not just across healthcare, but other sectors as well. The DPDP Act puts forth numerous guidelines that every healthcare organization must adhere to in terms of the security of patient data. Be it data being stolen or held for ransom, these guidelines serve as the frontal defense for healthcare organizations against such cyber-attacks. However, enforcing all these frameworks effectively will be a key challenge for the government, which, if done right, will go a long way in ensuring data security across the entire healthcare ecosystem.
In light of the government’s plan to have a centralized database of patient data, how do you expect the healthcare cybersecurity landscape to evolve in the coming years?
Going forward, I expect more integrated cybersecurity solutions to be introduced into the market. Today, while hospitals have access to larger budgets that they can spend on IT security, diagnostic centers function more on a franchise-driven model where there are chances of not having complete control over the safety of data across all centers. With a centralized database, the government will be putting forth standard frameworks for diagnostic centers that collect any kind of patient data to be centrally managed and also have the necessary cybersecurity measures in place.