Sridhar Turaga, SVP-Digital, Technology & Analytics Services, CitiusTech emphasises that the need for healthcare cybersecurity has surged exponentially in the past few years, and an underinvestment in specialised resources has posed a challenge to the industry at large.
Evolving consumer expectations are driving healthcare innovations, and modern healthcare technologies are accelerating that journey towards a more digital, personalised, and connected care model.
Healthcare is rapidly transforming and becoming much more connected, primarily to offer digital services, remote care, and better consumer experience for improved patient outcomes and compliance rates. According to the Telehealth Services Market in India Size & Share Analysis report by Mordor Intelligence, India's telehealth services market is poised to grow at a CAGR of 25.5 per cent by 2028.
While digital transformation is inevitable, healthcare organisations need to ensure a secure infrastructure. As per an online report by cybersecurity think tank CyberPeace Foundation and Autobot Infosec Private Ltd, the Indian healthcare sector suffered 1.9 million cyberattacks in 2022. COVID has taught us that a collapsing healthcare infrastructure can cripple a country. Thus, healthcare security needs to be addressed the way we deal with defence and utility requirements, to safeguard valuable data including patient information, treatment reports, medical records, diagnosis, and insurance details from cyber threats.
Let’s look at some common roadblocks that providers may face while setting up security infrastructure and ways to tackle them:
Under-invested in expertise
The need for healthcare cybersecurity has surged exponentially in the past few years, and an underinvestment in specialised resources has posed a challenge to the industry at large.
To address the critical shortage of skilled cybersecurity professionals efficiently, here is a three-pronged strategy.
- Short-term solution – Involve external experts or specialised cybersecurity organisations.
- Adopt AI & analytics – Leverage new generation tools for smart monitoring and analytics that allow organisations to proactively scale their security measures and adopt a preventive approach.
- Upskill the workforce – The power of upskilling the existing workforce is often underestimated. External architects may not understand the business and the systems the way existing architects do. Hence, upskilling existing engineering, networking, and infrastructure architects with appropriate security training is always recommended over bringing in an external security architect.
Infrastructure & system
Given the fragmented nature of healthcare, the sensitivity of patient data, privacy laws, and regulatory compliance requirements, cybersecurity in healthcare has always been challenging. As a result, healthcare organisations have traditionally followed a siloed and isolated approach to ensure data protection.
As per Kaspersky's New Healthcare Report 2021, 73 per cent of healthcare providers use medical equipment with a legacy OS that hardly supports security features or monitoring. Today, modern health-tech solutions are in demand for better consumer experience.
While many Indian healthcare organisations have embarked on the app modernisation journey, some are still not confident. Migrating from legacy systems to the cloud can be a huge game changer. It helps deal with major challenges that are common in legacy systems, like patch management, maintenance, security testing, operating system assurance, interconnectivity between systems, and version management.
Higher focus on device security: In some recent industry surveys, 30 per cent of respondents (healthcare organisations) shared that they suffered at least 5 data breaches in the last 18 months, with IoT/IoMT devices being involved 70 per cent of the time.
Virtual and remote care is here to stay. Since connected devices are more vulnerable to cyber threats, device security is a point of concern. Organisations can begin initiatives focused on device security that help re-imagine processes, infrastructure, and monitoring for a world of connected care.
Awareness & mindset
Compared to the financial sector, regulations and patient safety requirements in healthcare are more stringent. Securing financial services, which is considered the epitome of security, is hard; securing healthcare services is even harder because it deals with sensitive personal healthcare data and lives. Front-line owners such as doctors and nurses are already very stretched and operate in critical care situations.
Creating awareness and establishing a security culture within an organisation can help foster a security mindset. Security is everyone's role; we can't merely rely on infrastructure. It also cannot come in the way of providing better patient care. There is a need to balance both. Caregiver teams need to be more aware of how to balance security and patient care. Healthcare organisations can run internal campaigns, create awareness initiatives, and conduct training sessions and internal audits centred around PHI and PII.
Legal & regulatory obstacles
With rapid advancement in the health-tech sector, cybersecurity regulations are a little behind the curve. The government of India has proposed helpful programs to strengthen the healthcare system, like the Digital Information Security in Healthcare Act (DISHA). DISHA has facilitated electronic health data privacy, confidentiality, security, and standardisation, which is quite like the Health Insurance Portability and Accountability Act (HIPAA) in the US. However, its implementation, compliance reporting framework, audit cycles, etc. are yet to be formalised.
While healthcare providers operate in this constantly changing environment, there is a need to adopt exceptional security practices that help protect patient data. They are advised to adopt advanced technology like the cloud that facilitates rich and prolific security features while being rooted in regulatory requirements.
Structural challenges
Healthcare security is difficult because providers do not have full control over the entire data workflow. The end-to-end data workflow spans multiple providers, vendors, radiology & pathology labs, mediclaim insurance providers, and beyond. The emergence of remote care in healthcare and the growing demand for it further elongate the tail. This makes it challenging to implement a uniform cybersecurity cover across the long tail of healthcare data flow.
There is a need to establish standardisation protocols for handling healthcare data across multiple data handlers. It may involve a larger system implementation or implementation of a data encryption schema spanning all data handlers.
The healthcare industry is moving towards a more digital and connected model faster than organisations are ready to handle it. An ill-equipped cybersecurity framework can be the Achilles' heel for your organisation. This transformation needs a combination of strategy, design, skillsets, toolset, and mindset to be changed quickly.