ATP tools, updated firewalls the order of the day for Indian hospitals

An overwhelming increase in cyberattacks has prompted hospitals in India to ramp up their security infrastructure. Experts said that the widely publicized cyberattack on the All India Institute of Medical Sciences (AIIMS), in November, was a wake-up call for the industry, leading executives from hospitals to increase focus on security solutions that could strengthen their systems. Cybersecurity firms also said that queries and subscriptions from the healthcare industry have grown since the AIIMS attack.

“There has been a significant surge in demand for cybersecurity solutions in the healthcare sector, with the inquiries escalating by 10x-15x,” said Amit Chaudhary, Vice President of IP & Cyber Security at Airtel. Sanjay Katkar, joint Managing Director and Chief Technology Officer of security firm Quick Heal Technologies, also said that the firm has seen an increase in conversations with hospitals in the last 12 months.

Cyberattacks in the healthcare sector increased by 60% in 2022, as compared to 2021, according to CheckPoint Research. Another cybersecurity firm IndusFace reported that India was the second-most targeted country in terms of attacks on the healthcare sector last year after the US. The firm said that 278.000 of a million attacks detected on its healthcare customers every month in 2022 were from India, IndusFace noted.

“The healthcare sector is looking forward to understanding newer cyber security technologies like Endpoint Detection and Response (EDR/XDR), and zero trust user access tools, to replace the old traditional approach of virtual private networks (VPNs) and individual antivirus protections for their endpoints,” said Katkar.

Essentially, hospitals earlier depended on installing security software on electronic devices, and using VPNs to allow doctors and staff to remotely access a hospital’s systems. Now, these are being strengthened with newer tools that focus on verification of identification through more stringent controls, and are harder to penetrate.

For instance, R.S. Nehra, Principal Consultant, Cyber Security, Aakash Healthcare, said the firm has made several upgrades in the past few months. This includes implementation of multi-factor authentication for all employees, which ensures that only authorized individuals have access to sensitive data. The hospital has also upgraded its firewalls and intrusion detection mechanisms to strengthen network security.

“We have seen a significant improvement in our overall cybersecurity posture, as a result of these upgrades. Our systems are better equipped to detect and prevent cyber-attacks, and our employees are more aware of potential threats and best practices for maintaining data security,” he added.

Further, Shikha Sharma, Head of Information Technology (IT) at Delhi’s PSRI Hospital also said that the hospital has deployed new and upgraded solutions. The hospital has implemented an “advanced firewall” that offers ‘advanced threat protection’ — a security industry term used to describe solutions that combine cloud security, email security and more to provide protection from complex malware, phishing campaigns etc.

PSRI has also deployed new software on machines connecting to its network, which helps segregate the network for different departments, and makes it more difficult for hackers to compromise an entire hospital’s data by penetrating one department. This software, called endpoint detection and response (EDR) software, works on laptops and desktops, servers, and more and alerts tech teams when it detects suspicious activity.

Akash Healthcare and PSRI aside, Nandkishor Dhomne, chief information officer of Manipal Hospitals said it has upgraded firewalls on all of its group hospitals and conducted detailed assessment of its security landscape to plug possible gaps.

QuickHeal’s Katkar also said that some hospitals have expressed interest in threat intelligence tools that offer real-time detection and analysis of threats. This was earlier unheard of for Indian hospitals, since such solutions are often more expensive than traditional tools.

However, they use artificial intelligence and other software to detect threats in real-time and are often considered more effective for protection against modern threats. Hospitals like Akash Healthcare have devised regular employee training programs to increase awareness among employees as well.