New Delhi: All India Institute of Medical Sciences (AIIMS) is back to normal after a cyber attack disrupted its operations for nearly two weeks. Online registration of patients was resumed after server access was restored and lost data recovered. Attack on hospital IT system of AIIMS, followed by failed attempts to hack it Indian Council of Medical Research (ICMR), emphasizes the need to advance defenses in India’s health data infrastructure on a war footing. Over 1.73 lakh hospitals have registered to digitize their health records by 2021. Although tools to protect digital security are becoming available, they are often in silos or not updated. Standard operating procedures are missing in many places. A sectoral CERT (Computer Emergency Response Team) is yet to come.
Unlike the financial sector where RBI keeps an eagle eye on compliance and security measures, there is no single regulatory agency yet for the health sector. The scale of RBI’s advisory in banking and digital payments will help sustain the growth of the digital ecosystem in the financial sector. Similarly, healthcare providers should develop best practices including regular cyber security audits, secure firewalls, security operations centers, trained manpower and strong monitoring of vendors.
Establishing special purpose vehicles (SPVs) to handle hospital IT information systems is a good idea now that technology provides for centralization of infrastructure to serve multiple facilities through the cloud and other means. In consultation with Ministry of Health, Ministry of IT, CERT-In, National Health AuthorityState governments and industry should develop a list of sector-specific guidelines on policy, practices and monitoring mechanisms.
