Current:Home > StocksCyberattacks on hospitals thwart India's push to digitize health care-LoTradeCoin
Cyberattacks on hospitals thwart India's push to digitize health care
View Date:2024-12-23 20:51:51
In late November, as a thick layer of smog settled on the All India Institute of Medical Sciences in New Delhi, patients began to experience extended wait times. Long lines snaked along the vast building and backed up for several yards.
Computers at the hospital had stopped working, so medical reports could not be generated. Though patients were still being treated, paper bills were being handed out. After a few days, people who feared that traveling back home would be too expensive began to sleep under a nearby overpass to wait it out.
A massive cyberattack had compromised the health data of millions of patients, from those who live in extreme poverty to high-profile politicians, bureaucrats and judges.
The Delhi Police had a bigger problem at hand. They were in possession of an email that read, "What happened? Your files are encrypted? What is the price to repair? The price depends on how fast you can pay to us," reported news sources.
The Delhi police initially denied reports of a ransom demand. But they later confirmed that the servers at AIIMS were attacked and data was being held for ransom. Police sources were quoted as saying the attack originated from China and Hong Kong.
Two weeks later, servers at AIIMS are just now limping back to normal.
A digital health ID for every Indian
Cybersecurity experts express larger concerns.
Because India does not have robust cybersecurity systems or strong data protection laws, the breach has made observers uneasy about Prime Minister Narendra Modi's ambitious plan to digitize the health records of all Indians.
In 2020, most people around the world were just hearing about COVID-19. Indians were forced into a sudden lockdown, and no one knew when vaccines or a semblance of normal life would return.
Against that backdrop, Modi announced that every Indian would get a health ID under the National Digital Health Mission: "Your every test, every illness, what doctors prescribed and when, your reports will be on a single health ID."
These health records can be accessed by health-care professionals only after the informed consent of the ID holder, Modi clarified.
Cybersecurity experts are doubtful about getting informed consent as that concept is relatively new in the country. "Citizens being forced to get a health ID and digitize their health records without the right safeguards is making them vulnerable," says Srinivas Kodali, a technology expert and researcher with Free Software Movement of India. "With plans for ubiquitous sharing of health records across hospitals, doctors, insurance agencies and health tech firms, Indians' health data is expected to be more prone to leaks, data breaches and exploitation," he adds.
More than 170,000 hospitals across the country have signed up for the National Digital Health Mission already. Registration is mandatory for government-run hospitals.
Right across from AIIMS is another massive government-run hospital, where thousands of people line up for treatment. Around the same time that AIIMS reported the ransomware attack, Safdarjung Hospital also reported a cyberattack that incapacitated its servers for a day. Data was not breached and the servers were restored quickly.
Currently, the safety of a patient's data will depend on how safe the hospital servers are. Under the National Digital Health Mission, all hospitals will be responsible for storing and protecting the patient data they collect. Patients at Safdarjung were merely lucky that their data was not breached.
Kodali says if there is a plan to have one unique national health ID, then the cybersecurity of the such massive amounts of data should be the responsibility of the government. "To expect hospitals to deal with their own cybersecurity is like asking an IT professional to medically operate on himself," he says.
In a 2022 white paper, the artificial intelligence company CloudSEK said that cyberattacks on the global health care industry rose by more than 95% compared to last year. Attacks mostly occurred on systems in the U.S., followed by India.
Cyberthreats loom
Observers warn against large-scale digitization before necessary checks are in place. "In large systems, digitalization can bring in efficiencies, but it also creates the possibility of disruption to information flows with cascading impacts for society," says Anita Gurumurthy, director of the non-profit IT for Change, which works on tech policy and human rights.
Indian authorities agree that the country is facing increasing cyberthreats. The Indian Computer Emergency Response Team (CERT-IN), the national cybersecurity watchdog, noted a 51% increase in the number of ransomware attacks, including on critical infrastructure, from the year before.
In the absence of a personal data protection bill, as well as a law governing the digital health ecosystem, Gurumurthy says, the regulatory system is not conducive to maintaining large data sets.
In addition, users' lack of awareness about cyber risks and the use of old, legacy technologies contribute to vulnerability, according to Rajeswari Pillai Rajagopalan, director of the Centre for Security, Strategy and Technology (CSST) at the think tank Observer Research Foundation. "India also needs to study the evolving tactics, techniques and procedures [TTPs] of hackers and criminals to be able to prevent these attacks. India will pay a serious price if it is seen as an easy target."
veryGood! (5)
Related
- Chiefs block last-second field goal to save unbeaten record, beat Broncos
- The Daily Money: Has the Great Resignation fizzled out?
- Jeff Lynne's ELO announce final tour: How to get tickets to Over and Out
- Mega Millions jackpot approaching $900 million: What to know about the next lottery drawing
- J.Crew Outlet Quietly Drops Their Black Friday Deals - Save Up to 70% off Everything, Styles Start at $12
- EPA bans asbestos, a deadly carcinogen still in use decades after a partial ban was enacted
- March Madness snubs: Oklahoma, Indiana State and Big East teams lead NCAA Tournament victims
- Trump’s lawyers say it is impossible for him to post bond covering $454 million civil fraud judgment
- FSU football fires offensive, defensive coordinators, wide receivers coach
- Full transcript of Face the Nation, March 17, 2024
Ranking
- New Yorkers vent their feelings over the election and the Knicks via subway tunnel sticky notes
- Trump backs Kevin McCarthy protege in California special election for former speaker’s seat
- Will Messi play with Argentina? No. Hamstring injury keeps star from Philly, LA fans
- Iowa agrees to speed up access to civil court cases as part of lawsuit settlement
- Messi breaks silence on Inter Miami's playoff exit. What's next for his time in the US?
- Former Olympian Caitlyn Jenner backs New York county’s ban on transgender female athletes
- 2 Black men tortured by Mississippi officers call for toughest sentences
- Women’s March Madness bracket recap: Full 2024 NCAA bracket, schedule and more
Recommendation
-
Auburn surges, while Kansas remains No. 1 in the USA TODAY Sports men's basketball poll
-
These new museums (and more) are changing the way Black history is told across America
-
Afghan refugee convicted of murder in a case that shocked Albuquerque’s Muslim community
-
Richard Simmons Responds to Fans' Concerns After Sharing Cryptic Message That He's Dying
-
Dwayne 'The Rock' Johnson weighs in on report that he would 'pee in a bottle' on set
-
The longest-serving member of the Alabama House resigns after pleading guilty to federal charges
-
Patrick and Brittany Mahomes Share Glimpse at Courtside Date Night at NBA Game
-
Trump is making the Jan. 6 attack a cornerstone of his bid for the White House