A lot of scams have been noticed that evolved in the health care sector due to covid as many were leaking a lot of digital footprints which could aid these scammers to target individuals.
Data privacy is a very serious concern in the Indian security space. Data stored in the cloud with less preparation and concern is being widely noticed these days.
The global health care sector has witnessed a huge cyber security crisis from the data breach to a ransomware attack in the last 2 years since covid started.
In November 2020, ransomware actors were seen attacking a German Hospital chain resulting in disruption of day-to-day operations. There were speculations that this would lead to the death of the patient.
Just one year after that India faced a similar attack when a group of Ransomware actors hacked into the servers of a Mysuru-based hospital resulting in taking control of their main financial server. And further reports proved a huge spike in the Indian healthcare sector. Interestingly, Indian Health Sector is linked to the Indian Pharma sector too. Indians have been a pioneer in vaccine manufacture too. Hence, a fight to protect it on two different levels has been initiated.
Globally cyber security is considered an enterprise-level activity that would need good budgets to do processes from all activities from Endpoint security to Regular audits and continuous monitoring. In that case, the major issue would be with the mid and small-scale players in the health sector. Data regulations are least and nil in the Indian health care sector. Due to the sudden outbreak of the Covid 19 virus, a lot of small and mid-players suddenly shifting to the online platform have been witnessed. Even small medical stores to mid-size laboratories using the cloud to upload and process data has been seen. Apart from that a lot of medical data were collected by Government and Private authorities including vaccination and covid negative certificates for daily commutation purposes. The main question is about the deletion of these data after usage.
Analysing many sets of data from huge data breaches always proves that many Indian organizations tend to store a lot of past data and retain it after needed.
The majority of the Indian firms still possessing an outdated device with a lack of proper upgrading of software and firmware could be a massive setback for taking advanced precautions against cyber-attacks. Even though there are compliances like DISHA which are equivalent to HIPAA, discussions were unfortunately stalled and no further progress was made in bringing this to implementation. Like many of the firm’s bills, this would now require a total revamp due to the delay. Cyber security issues are highly dynamic and amendments should be made regularly to counter the latest privacy issues.
Most of the local Indian health care data could be vital with a lot of valid information which will enable a non-regulated business and could be highly used for scams. A lot of scams have been noticed that evolved in the health care sector due to covid as many were leaking a lot of digital footprints which could aid these scammers to target individuals.
Major cyber security concerns would be: –
Misuse and insecure cloud storage of patient data
Long storage of Patient KYC details during Covid Test
Storing Medical data with Third-party providers
Storing and processing data by Health Start-ups
Sharing of Medical details on social media platforms including Facebook (Including vaccination certificates)
Mismanaged infrastructure in Government as well as local private hospitals
Lack of regulatory authority to monitor Compliances like DISHA
Even though covered in Compliance, India got a major practice of leaking the mental and physical health of individuals on Public Platforms which is a privacy concern
The discussion about Cyber Security in India has to reach a common point of Data regulatory authority, framework, and compliance. It will be an oversight to request organizations to be serious about their security aspect without proper updated guidelines and policies. Otherwise, we are destined to be victims of scams, data selling, and more of such activities which creates insecurities. Singapore Data Regulatory Authority fined the health department for leaking out patient data.