Economic Highlights
New Delhi, 28 November 2022
Indian Health Data Worth $7 b
AIIMSINFO BREACH IS RISKY
By Shivaji Sarkar
Health data is critical. Had one secret been known,
the Indian subcontinent may have had different political contours.
In 1947, Mohd Ali Jinnah’s health conditions were
in wraps giving no clue to Congress leaders that his days were numbered. Had
there been the slightest inkling, the Indian subcontinental history perhaps could
have been different. But did the British rulers know about it? Is that the
reason that the Radcliffe Commission drew the lines of Partition in five-week haste
without visiting those areas?These are difficult questions, but everyone has
secretly admired the way the crucial information on Jinnah remained in shrouds.
The healthcare information rarely may have had such immense political and
economic significance.
The incident is being recalled, as for days the significantAll
India Institute of Medical Sciences (AIIMS), Delhi, web portal server isinoperational,since
November 23 morning, supposedly because of suspected ransomware. The AIIMS has
switched over to manual procedures and sought the assistance of Indian Computer
Emergency Response Team or CERT-IN, the nodal emergency agency of the Ministry
of Electronics and IT.
The AIIMS data breach may be graver
than it appears. It may be recalled that how a global collaborative
investigative project revealed that Israeli company NSO Group’s Pegasus spyware
targeted over 300 mobile phone numbers in India, including that of two
serving ministers in the NDA government, three opposition leaders, one
constitutional authority, several journalists and businesspersons.
No less worrisome were the Cambridge Analytica, which had
allegedly stolen the data of 50 million Facebook users in 2014, claimed that
the Congress party was the firm’s client in India. Some other apps despite
pious intentions were blamed for compromising data.
The latest move for
a data protection law needs to have a wider ambit. Almost all apps on the
social media, corporate or public seek unnecessarily access to contacts, camera
and location. These must be stopped.The Competition Commission of India (CCI) on October 25 imposed a fine
of Rs 936.44 crore on Google for anti-competitive practices in its Play
Store policies.
The Indian healthcare data is stated to be worth $7
billion in the world market. It is just not about profiling a population but
information of some key persons itself may be worth more than that. The global healthcare information
market size is valued at $359.8 billion in 2021 and is expected to expand at a
compound annual growth rate (CAGR) of 13.2 percent till 2030.
The risk is far greater than it can
be fathomed particularly in the light of government using the coronavirus
pandemic to push its plan to digitise the health records and data of 1.3
billion people, despite concerns about privacy, increased surveillance,
technology and human rights. It can be utilised in many ways, including for
blackmailing, seeking ransoms or political mapping. The storing of individual
information in Aadhar and linking it to several instruments like income tax
data, ballot system and banking are fraught with great risks to the nation and
individual citizens.
According to a report published in The
Lancet journal, in 2016, global expenditure on health is anticipated to
increase to $18.3 trillion by 2040 across the globe. So would data worth
multiply.
Hackers’ access to private patient
data not only opens the door for them to steal the information, but also to
either intentionally or unintentionally alter the data, which could lead to
serious effects on patient health and outcomes.
If this at all happens to AIIMS or
any health data, it can lead to severe flaws in the line of treatment. The
Ayushman Bharat itself has enormous records along with ESI Hospitals. The move
to have a centralised healthcare data needs rethinking.
AIIMS attackmay have many
dimensions. It presumably has sensitive medical data that can be attacked, copiedand
altered.On May 14, 2016, AIIMS, Raipur also similarly suffered an attack by a
Pakistani hacker, Amir Muzaffar. The homepage of the institute was damaged, and
the hacker left messages of bravado.
That data on the net is not safe,
was exposed by Indian hackers claiming to have accessed more than 80,000
coronavirus patients’ healthcare records that were insecurely stored on
government servers in June 2020. The group, calling itself Kerala Cyber
Warriors, announced that it had gained access to the Delhi State
Mission website “in less than 10 minutes”. Its members claim to have accessed
sensitive data including patients’ names, addresses, phone numbers, Covid19 test
results, and passport details. In the US itself, in 2019, 41.4 million patient
records were hacked.
At the initial peak
of the Covid19, Indian healthcare industry registered 7 million cases of cyber-attacks.
With a 300 percent surge in such attacks in India, it is necessary to place
intrinsic security at the heart of digital strategies.The stolen health records may sell
up to 10 times or more than stolen credit card numbers on the dark web. The
cost to correct a breach in healthcare is almost three times that of other
industries — averaging $408 per stolen health care record versus $148 per
stolen non-health record, says IBM and Ponemon Institute report.
In May 2017, patient outcomes were
threatened when Britain’s National Health Service was hit as part of the
“WannaCry” ransomware attack on computer systems in 150 countries, resulting in
ambulances being diverted and surgeries being cancelled. Similar ambulance
diversions due to ransomwarehappened in the U.S. In September 2020, a key
Indian political person’s account was hacked, as per Twitter.
The US experts say that with proper
planning and investment, it’s possible to mitigate this risk. The NIC and AIIMS
must do it. The government must protect the information delinking it from
Aadhar, PAN and other instruments.
Health care organisations are
particularly vulnerable and targeted by cyberattacks because they possess so
much information of high monetary and intelligence value to cyber thieves and even
the targeted key persons. The targeted data includes patients’ protected health
information (PHI), financial information like credit card and bank account
numbers, personally identifying information (PII) such as social security
numbers, and intellectual property related to medical research and innovation.
One reason of the vulnerability is the easy access to the sites for diagnostic
and treatment facilities. The gateways for users need separation.The AIIMS or
any healthcare breach is perilous,and the nation needs to be extremely cautious
on centralised data prospecting. ----INFA
(Copyright, India News & Feature
Alliance)
|