Cyber attack on all India The Institute of Medical Sciences, which has paralyzed the premier healthcare institution for two weeks now, has raised many concerns about the country’s preparedness to withstand similar or larger-scale attacks on its critical infrastructure.
As India’s data infrastructure becomes more integrated and connected, more such attacks may occur, experts said, who asked the country to strengthen its defenses against such threats.
India is extremely vulnerable to such attacks, especially on health institutions as there is no law that mandates any institution to conduct regular audits or monitoring of healthcare, unlike payments where the Reserve Bank of India keeps a hawk eye on institutions and their security. . level, experts spoke to ET.
According to reports, another top hospital in New Delhi – Safdarjung Hospital – It has also become a target of attack Last week the intensity of the attacks may have been less compared to the attacks that hit AIIMS.
Harshil Doshi, Sales Director (India & SAARC) at Securonix, a security information and event management company, said, “Economic or market institutions of a country or government institutions, everything is a target and organizations need to be extremely careful in terms of protecting data.” .
“AIIMS is a medical institute that has very sensitive personal health information about top officials of the country which can actually be used for espionage,” Doshi said.
“Especially, if it is a nation-state sponsored attack from an adversary nation, they can potentially misuse this information to launch a different kind of cyber warfare in India which is a huge threat to a country like ours,” Doshi added.
After this the IT Ministry sources said Initial wave of attack A “complete list of dos and don’ts” was sent to all government departments, on critical infrastructure after the easing of the Covid-19 lockdown in 2021.
Also Read | Cyber attacks have tripled in the past three years, but security funding is underutilized
“At that time, some government departments like health, science and technology, nuclear power plants and armed forces were placed in the critical infrastructure category and asked to double their cyber infrastructure,” said a senior government official.
Sources said the Indian Computer Emergency Response Team (CERT-IN) had completed its “preliminary investigation” into the cyber attack on AIIMS and found several lapses in following the standard operating procedure laid down for government departments that manage critical state-run infrastructure. .
Some experts have also called for government departments to be held more accountable because they deal with so much sensitive personal data.
“Government should make independent threat monitoring and response mandatory for all government departments. Most government departments are understaffed and less skilled to monitor and respond to cyber breaches. This would put them on par with private companies and facilitate early detection and investigation of cyber breaches.” .threats,” said Amit Jaju, senior managing director at Ankura Consulting Group (India), which advises clients on areas such as cyber security risk management and finance.
Healthcare data breaches will become more common in India in particular, experts said.
Cyber security data from CloudSEK shows that the number of cyber attacks against the healthcare industry globally increased by 95.34% in the first four months of 2022 compared to a year ago.
The report said that India saw the second highest number of attacks worldwide with 7.7% of the total attacks on the healthcare industry in 2021. India accounted for 29.7% of all attacks in the Asia and Pacific region while China was second. According to the report, the most targeted country in the region with 21.6% of recorded attacks in 2021.
“The challenge with healthcare is that patient data is highly sensitive and security is rarely addressed,” said Rahul Sasi, cofounder and CEO of CloudSec.
The threat is not just personal data being compromised.
“Normally, a hacker will demand money for accessing data. But suppose the threat actor is not motivated by financial gain but wants to misuse the data. In that case, it can be a dangerous proposition, especially in the context of espionage and cyber warfare,” Shashi said. said
Ishwar Prasad Bhat, CEO and founder of Necurity Solutions, said that going forward the number of cyber attacks could increase significantly and become more sophisticated.
“Proper security audits, monitoring systems and processes need to be in place because data, reputation and trust are all at stake,” he said.
Healthcare information technology is an IT discipline that helps develop, design, build, and maintain information systems in hospitals, clinics, and other healthcare facilities. In 2021, the global healthcare IT market was valued at $135.6 billion and is forecast to grow at a CAGR of 29.3% over the ten years to 2030, according to Allied Market Research.
“The exponential growth of the global healthcare IT market due to the 2020 global pandemic outbreak has led to a significant increase in cyber attacks targeting the sector globally. Security of patients’ medical and financial information has emerged as a new challenge for healthcare companies,” the report said.
An investigation into this AIIMS Cyber Attack Ankura Consulting’s Jaju said, the insider angle should also be focused on as many hacking groups bribe insiders to facilitate hacks.