The recent surge in cyber attacks on Indian hospitals is raising alarming concerns about the safety of healthcare and personal data.
This pressing issue was brought into the limelight following the recent breach of the CoWIN portal, India’s primary platform for COVID-19 vaccine distribution, according to a report by Tenable.
This significant security breach, executed via a state-operated chatbot on a popular instant messaging application, led to the unauthorized exposure of millions of citizens’ healthcare and personal data.
The Union Health Ministry and the Indian Computer Emergency Response Team (CERT-In) have launched investigations into this major data breach.
One aspect is clear: cybercriminals are shifting their focus toward healthcare data, a sector that can potentially cause substantial harm if compromised.
Cyber Attacks on Indian Hospitals Surge, Exposing Vulnerabilities
“Cybercriminals have long been attracted to organizations with high potential yields, such as healthcare and critical infrastructure providers, due to the lucrative profits involved,” warned Kartik Shahani, Country Manager for Tenable India.
“There’s a clear shift towards cybercriminals seeking high-value healthcare data. They are well-aware that healthcare providers have been historically slow to adopt proactive measures to secure their interconnected IT and OT systems.”
The ramifications of such cyber attacks are far-reaching, with the potential for financial losses, disruptions to crucial medical services, compromised patient information and care.
Shahani further adds, “As notifications about leaked customer information on the dark web increase, the urgency to bolster cybersecurity measures becomes starkly evident.”
Healthcare: An Increasingly Targeted Sector
The healthcare sector in India was found to be the second most targeted by cybercriminals, according to the 2022 Threat Landscape Report.
In another study by Cert-In, healthcare ranked as the fifth most-targeted industry by ransomware perpetrators.
These alarming statistics underscore the urgent need for healthcare organizations to thoroughly evaluate their attack surfaces, detect potential attack pathways, and identify their most critical assets. Protecting healthcare data has never been more essential in light of these cyber attacks on Indian hospitals.
Moreover, with the Indian government planning to enact stringent data protection laws, the stakes are higher. The proposed Digital Personal Data Protection Bill outlines strict penalties for organizations failing to implement cybersecurity measures to protect customer data.
Proactive Measures Against Cyber Attacks on Indian Hospitals
According to Shahani, healthcare organizations in India cannot solely depend on these upcoming regulations.
“Waiting for regulations to be passed to improve security can do more harm than good,” he cautions. Organizations trusted with healthcare information must make cybersecurity a priority, implementing proactive measures to protect sensitive data.
Such measures include conducting regular risk assessments to identify vulnerabilities, offering cybersecurity training to employees, and maintaining continuous monitoring of systems to detect potential threats.
Shahani highlights that these proactive steps against cyber attacks on Indian hospitals are not just about securing data but also about upholding the trust of the public.
By protecting against cyber threats, organizations ensure the continuity of crucial services and the well-being of individuals.
The escalating cyber attacks on Indian hospitals serve as a stark reminder of the vulnerability of the healthcare sector.
It underscores the need for organizations to prioritize cybersecurity and take the necessary steps to safeguard their systems and the data of millions of Indian citizens.
