Author- Sukhpreet Sodhi
Over the past few years we all have noticed the increasing wave of cyberattacks. From
the IT sector to the banking sector cybercriminals have left no stone unturned to churn
out money from the people. But what about the healthcare sector? Do you think India has
adequate measures to protect the critical healthcare sector from the current tsunami of
cyberattacks?
The answer is a big “NO”. The recent cyberattack on AIIMS reflected India’s
vulnerability. Let’s get into the depth of this recent attack.
All India Institute of Medical Sciences, New Delhi, also known as AIIMS Delhi was
recently hit by a cyberattack. On the morning of 23 November, A breach was detected in
AIIMS internal systems.
This was a case of Ransomware attack which badly affected the digital services,smart
labs,billing reports,schedules and appointment details of thousands of
patients.Ransomware is a type of malware that restricts users from accessing their
system and locks the system’s screen or by the users’ files until a ransom is paid to the
fraudster.This ransomware corrupted all the data stored on the main and backup servers
of the hospital. This data is extremely sensitive as it includes the personal details
like-name,age,sex,numbers, address and medical history of many
citizens,celebrities,sports personalities and politicians. Hacking of such data can even
temper with the national security of India.
A case of extortion and cyber terrorism was registered by the intelligence fusion and
strategic operations .The FIR has been registered under 66F (cyber terrorism) and 66
(computer related fraud) of the Information Technology Act and section 385 (extortion)
at IFSO, special cell.Multiple agencies like The Indian Computer Emergency Response
Team within the Ministry of Electronics and Information Technology, Delhi cybercrime
special cell, Indian Cyber Crime Coordination Centre, Intelligence Bureau, Central
Bureau of Investigation (CBI), National Forensic Sciences University, National Critical
Information Infrastructure Protection Contre and NIA, among others, are working to store
the lost data back. It took almost two weeks to get the corrupted data back.
WAS IT THE FIRST TIME THAT INDIAN FACED SUCH A MASSIVE
ATTACK ON IT’S HEALTHCARE SECTOR?
“After AIIMS, ICMR website attacked 6,000 times in a day from Hong Kong-based
IP address”
“Data of 1.5 lakh patients in Tamil Nadu put up for sale online”
“India had 2nd highest number of cyber attacks in the world in 2021”
“Cyber attacks on Indian healthcare industry second highest in the world:
CloudSEK”
With headlines like these,The answer is “NO”. Although the cyberattack on the AIIMS
has gained wide attention, it is one in 1.9 million hack attempts on India’s healthcare
sector in 2022.A report by cybersecurity think tank CyberPeace Foundation and security
consultancy Autobot Infosec Pvt. Ltd showed that the health sector faced around 1.9
million cyber attacks till 28 November. The attacks came from 41,181 unique IP
addresses which were traced to Vietnam, Pakistan and China.The objective behind most
of the attacks was to inject a malicious payload into the network of the healthcare
company and trigger ransomware attacks.
CONDITION OF CYBER ATTACKS ACROSS THE WORLDAccording
to the study by Check Point Research , the global cyberattacks increased by
38% in 2022, compared to 2021.
WHY IS HEALTHSECTOR BECOMING A HUB OF CYBER ATTACKS?
The hackers like to target hospitals because they consider them as short on cyber security
resources with smaller hospitals particularly vulnerable, as they are underfunded and
understaffed to handle a sophisticated cyberattack.The healthcare sector attracts the
hackers as they aim to obtain health insurance information and medical records of
patients and in return demanding payment under threats of having patient records
released.
What are the reasons for increasing Cyber Attacks?
Increasing dependency on technology: Our dependency is directly proportional to the
exponential growth of technology which has resulted in the increased vulnerability of our
systems to cyber-attacks.
Lack of proper mechanism to deal with fraudsters:India’s approach to cyber security
has so far been ad hoc and undirected. Despite a number of agencies the expected
improvement has been far from satisfactory.
The India- China conflict: With our current disputes with China, China being one of the
world leaders in information technology has the capabilities to disable or interrupt the
information technology services of other countries.
Low digital literacy: The citizens especially in rural areas are not aware and updated
with the ongoing technological awareness. This lack of digital knowledge creates an
unsustainable environment in the cyber domain.
CONCLUSION:-
We cannot ignore the fact that the healthcare sector is a backbone of a country. The
leaked data of medical histories of some important personnel can even lead to threats in
national security. We require multiple layers of security to keep the data well protected.
India is working hard on this aspect and hopefully we may see the positive results in the
upcoming years.
