|
Cyber security tech companies view that Indian hospitals need to be in a ready mode to thwart ransomware attack. This follows after the recent ransomware attacks on the All India Institute of Medical Science (AIIMS) and Safdarjung Hospitals in New Delhi besides the server of the Indian Council of Medical Research (ICMR).
The CyberPeace Foundation and Autobot Infosec reports, India has faced 1.9 million cyber attacks this year till November 28.
This makes cyber security providers like Trend Micro, ClearTouch, Cyware and CrowdStrike to caution Indian hospitals to deploy preventive measures for protecting administration files and patient medical records.
Vijendra Katiyar, country manager, India & SAARC, Trend Micro, said, “Rise of ransomware attacks has been the most pressing problems this year. The threat landscape has continued to evolve with new players and lucrative monetization with attackers continuing to target public and the private sectors likewise”.
Recent attacks on AIIMS, Safdarjung Hospital and the ICMR server has raised serious questions on the cyber-preparedness of the Indian healthcare sector, especially at a time when the government is insisting transition to online and paperless operations. Getting ahead of the evolving threats that will crop up in the coming year calls for a multilayered defense plan, bolstered by mitigation measures such as securing environments and systems with a zero-trust strategy, dynamic attack surface management, deploying a unified cyber security platform, among others. Trend Micro helps its customers prioritise their vulnerabilities which can be mitigated in multiple ways, said Katiyar.
Stating that it is imperative to protect systems from unauthorised access, Uthaman Bakthikrishnan, executive vice president, ClearTouch said, “There is a need to deploy two-factor authentication, strong passwords, end-to-end encryption among others. Most importantly, employees should be regularly trained and educated on various cyber threats. Here our company supports healthcare providers with secure data exchange and storage solutions, to prevent data breaches or cyber-attacks. Solutions like encryption, authentication, and authorization help safeguard the integrity and confidentiality of healthcare data.”
Akshat Jain, co-founder and CTO, Cyware said, “Ransomware attacks are nothing new but targeting healthcare is a much bigger threat as patient care and sensitive medical data are at risk. The recent attacks are an indicator of what is expected in the future as cybercriminals are finding new ways to exploit public institutions and critical infrastructure for financial gains, data theft, espionage, and more. Organizations need effective threat response capabilities to stop security breaches from spiralling into a larger operational crisis.”
Compared to other sectors, healthcare finds itself in the crosshairs of Ransomware-as-a-Service (RaaS). In a recent intrusion into the healthcare industry, the CrowdStrike Falcon OverWatch team uncovered RaaS activity by an affiliate of the ALPHV ransomware also known as BlackCat, after sighting suspicious activity under the service accounts of three Windows systems, said Jagdish Mahapatra, vice president, Asia, CrowdStrike.
Modern healthcare is more vulnerable to cyber attacks because of its complex supply chain, digitised patient data and medical devices connected to the internet. The recent cyber attacks on India’s premier medical and research institutions are a wake-up call to boost the security of critical infrastructure.
Healthcare organisations needs to embark on an annual security risk analysis for threat detection, using multi-factor authentication, secure credentials, protect emails and patient health records by incorporating endpoint detection and response, noted Mahapatra.
|