Over the recent past, there have been tremendous advances in the use of technology in the healthcare sector. The healthcare industry has leveraged technology in different ways, including electronic health records; imaging techniques for diagnosis; robotics in surgical procedures; telemedicine to bridge the gap in care, especially in terms of time and distance; and wearable devices to monitor patients' health. As the healthcare industry continues to foray into new technological trends, like AI, ML and Big Data, how we use data and secure it becomes much more pertinent.
The Indian healthcare industry faced 1.9 million cyberattacks in 2022 till November 28, as per data published by CyberPeace Foundation and Autobot Infosec Private Ltd. In November, the All India Institute of Medical Sciences (AIIMS), New Delhi, was hit by a massive cyberattack which forced it to shut down many of its servers and switch to manual operations. The concerning part is that this is not limited to India: healthcare providers across the world are falling prey to cyberattacks. In January 2022, Broward Health, a healthcare provider based in south Florida, suffered a data breach which compromised 1.3 million patient records. Similarly, Morley Companies, a third-party provider of business services to Fortune 500 companies including medical industries, suffered a ransomware attack in February 2022, resulting in the exposure of over 521,000 individual records.
In light of these recent attacks, it becomes critical that healthcare businesses thoroughly investigate the causes of data breaches and come up with effective solutions that incorporate both external and internal controls.
Why Is the Healthcare Industry at a Greater Risk of Cyber Attacks?
The type of data gathered and stored is one of the key reasons the healthcare sector is more vulnerable to cyberattacks than other sectors. Patient records kept by healthcare organisations may contain information as specific as the patient's name, date of birth, address, social security number, payment account information, etc. Stealing such information can lead to identity theft instead of just a single bank breach.
Inadequate data security in medical organisations is another important factor. Banks and other financial institutions have already established a robust data protection system. Global banking standards now include two-factor authentication. Customers are only given access to the information after entering the one-time password. However, the absence of such technologies makes public health organisations vulnerable to cyberattacks.
The lack of awareness among healthcare workers is another critical challenge we face in healthcare data security. Healthcare professionals are usually not trained in technology simply because it’s not a part of their day-to-day job. If healthcare workers are not provided with fundamental training to handle digital data, it becomes very difficult to avert a data breach.
How to Maintain a Safe and Secure Data Environment in a Healthcare Organisation
Since 2018 the Indian government has been striving to prioritise data privacy in the virtual world. On November 18, 2022, a new draft digital personal protection bill that prioritised personal data, imposed severe fines for violations and lifted restrictions on cross-border data transfer was released. With the intention of ensuring healthcare data privacy, security, confidentiality and standardisation, the government enacted the Digital Information Security in Healthcare Act (DISHA), India's HIPAA counterpart. The National Electronic Health Authority (NeHA) and the State Electronic Health Authority (SeHA) are two other initiatives that DISHA is contemplating. While these are truly welcome steps by the government, further measures are required by healthcare organisations to secure and protect valuable data. Here are a few steps that healthcare organisations can take:
Data Encryption: When sending data from workstations to the internet, servers or cloud-based systems, data encryption is essential. In essence, when the data is encrypted, even if an unauthorized entity or person gains access to it, they will not be able to read it.
System Monitoring Apps: There are various kinds of apps that can monitor a variety of processes, procedures and operations. You may use an app to keep track of who opens, modifies, adds, moves and deletes files. Other programmes that can identify potential data breaches are also available for use. Additionally, there are tools that can be used to spot unwanted access, modifications to user accounts, etc.
Multi-Factor Authentication: Enabling multi-factor authentication techniques is another way to safeguard data because it can be challenging to rely on workers, independent contractors, vendors, suppliers and other parties to use secure passwords. These procedures require users to submit their username and password as well as verify additional items, like a one-time passcode that was delivered to their email address or mobile device.
Employee Training: Healthcare organisations must conduct regular training sessions with new and current employees to make sure that they are taking every precaution to protect patient records, data and other vital information.
Final Say
Strict data privacy regulations must be properly balanced with the implementation of digital health. The loss of trust can dent the ecosystem and slow down the adoption of digital health. In India, digital privacy rules are still in their infancy. To preserve compliance with India's data protection regulations, healthcare organisations must consequently take exceptional measures to maintain data security, implement data encryption and provide regular training to healthcare professionals.
The article has been written by Vikram Thaploo, CEO, Apollo Telehealth