The Indian healthcare sector is lagging behind most other major sectors in cybersecurity investment. However, given the spate of cybersecurity incidents globally in the healthcare sector, there is a growing realization amongst healthcare service providers in India of the need to secure their critical data, especially against the growing number of ransomware attacks, Harshil Doshi, Strategic Security Solutions Consulting - India, Forcepoint, tells Nandita Vijay in an email interaction. Excerpts:
Could you comment on the implications of cyber-attacks on the healthcare sector?
The rapid digitization of the healthcare industry has led to a huge increase in the number of ransomware, malware and targeted attacks, which puts confidential patient data like personal details, medical history and financial information at risk. The healthcare systems are emerging as an attractive industry for hackers to target, with each stolen medical record fetching anywhere from US$50 up to US$20,000, according to industry estimates.
In the past year, cyber-attacks on healthcare services have resulted in the loss of hundreds of thousands of Personally Identifiable Information (PII) and Personal Health Information (PHI) data and resulted in disruption of critical care services from reputed healthcare service providers like Anthem in the US and NHS in the UK. While geographies like the Americas have enforced healthcare regulations like HIPAA, there are many regions where there is no accountability and no penalties are enforced on healthcare service providers for such breaches and disruption.
The implications of cyber-attacks on healthcare span a wide spectrum. Critical PII and PHI data loss of VVIPs and HNIs globally could lead to significant financial and political control by organized cyber-crime syndicates and the states sponsoring them. Populated geographies like India can become a rich source of medical research data by virtue of the sheer size of the sample. This data can be exploited for unregulated drug mafia and pharma companies. Advanced attacks like ransomware can cause major operational disruption by holding critical data and assets to ransom. There is financial and brand reputation loss to the healthcare provider in terms of regulatory fees and mistrust.
What are the efforts to increase your presence in the healthcare space?
We are successfully helping healthcare organizations across the globe protect their networks, deliver great care and remain in compliance. Some of the other customers include the US Department of Health and Human Services, Visiting Nurse Services of New York, Adventist Health, and Hutt Valley District Health Board.
What is your strategy to tap the opportunity in the Indian healthcare space?
We continue to engage with companies across the entire healthcare ecosystem, including hospitals, labs, pharmaceutical and insurance companies, to help them understand the need to protect data and the importance of providing medical practitioners access to the right data whenever and wherever it’s needed. A number of them are already Forcepoint customers.
Some of our technology innovations are also pointed towards regional issues. For example, Forcepoint is the leading cyber security vendor to understand Indian PII and PHI records based on the regional libraries we have developed over a period of time.
What are the challenges in providing security in the healthcare sector?
Despite regulatory requirements around data privacy, security, and preventing data breaches of personally identifiable information (PII) and personal health information (PHI), breaches are on the rise.
The healthcare industry has been underinvesting in IT security for long with a main focus just on regulation rather than looking at cybersecurity as an enabler for a healthcare institution to function.
With the recent focus within the healthcare industry on implementing electronic health records systems (EHRs) under externally-imposed tight deadlines, along with difficult-to-update medical devices that continue to run outdated and vulnerable operating systems, there are weaknesses to exploit.
Then, there are well-known issues like the lack of trained cyber security professionals, lack of backup capabilities and process failures that are putting healthcare organisations under the constant threat of cyber exploitation.
When it comes to protecting data in a digital era, the healthcare sector needs to invest in IT security and education to create awareness.
Our whitepaper along with Osterman Research called ‘Protecting Data in the Healthcare Industry’, which surveyed a number of healthcare institutions in the US, UK and Australia, found that 17% of healthcare professionals suffered a breach or loss of data over the last 12 months. Respondents ranked Ransomware (23%) and Data Leaks (31%) as the biggest threats to their organisations’ IT security posture.
Which are the much sought-after solutions of the company that the healthcare sector has depended on?
We bring decades of experience and industry-leading security solutions to protect the healthcare organizations’ reputation and their patients’ trust. While basic security hygiene encompassing, amongst others, antivirus tools and a patching regime, still are essential, the industry needed to relook at the way security works in the new world.
The threat landscape today has expanded with increasing digitalization. Instead of protecting a perimeter that is fast dissolving, organisations need to approach security through a human-centric lens that helps them better understand indicators of normal cyber behavior and quickly identify anomalous activity and operations. Our strategy is to help organisations understand the normal rhythm of users’ behavior and the flow of data in and out of the organization to identify and respond to risks in real-time.
How are Forcepoint’s solutions positioned to provide data security to the sector?
Healthcare organizations globally, even after spending millions of dollars on security solutions, face a formidable task in defending their critical data and that of their patients against cyber-attacks and data theft. At the same time, healthcare IT teams face a unique challenge in meeting compliance regulations. And as with any industry, humans are the weakest link in the cyber security framework. Forcepoint’s Human Point vision, powered by technologies like integrated Data and Insider Threat, addresses these challenges by understanding the behavioral aspects of users to not only detect but also predict some of these threats.
Today the data lives everywhere: from the Cloud to any endpoint. It becomes imperative to protect data from external attacks and insider threats. Forcepoint works with organizations’ current security staff to stop data theft, not data access.
Our security solutions protect and enable healthcare organizations to deliver better patient outcomes by addressing key security challenges like staying in line with compliance and regulations. Here Forcepoint Data Security solution comes with standard security policies, the ability to customize policies, and ongoing monitoring and reporting. It protects patient records on endpoint devices on and off the corporate networks. Data doesn’t have to be at risk, even as caregivers are mobile throughout their day, delivering diagnoses and care in multiple locations, working with data on and off the healthcare network. It secures PHI workflows throughout the healthcare ecosystem: hospitals, physicians’ offices, clinics, surgery centers, labs, pharmacies, insurance providers and patients can safely access and share data. One can achieve just as high levels of security on guest networks as on employee or staff networks: a guest network can serve as a potential backdoor, but Forcepoint helps you avoid this by delivering seamless data protection, providing the same controls and security as you have for the employee and staff network.