New Delhi: The All India Institute of Medical Sciences (AIIMS) has limped back to normalcy after a cyberattack crippled its operations for nearly two weeks. Online registration of patients was resumed after access to servers was restored and lost data was recovered. The attack on AIIMS’s hospital IT system, followed by unsuccessful attempts to hack the Indian Council of Medical Research (ICMR), underscores the need to shore up defences in India’s health data infrastructure on a war footing. Over 1.73 lakh hospitals have registered for digitising their health records since 2021. Although tools to safeguard digital security are becoming available, they are often in silos or not updated. Standard operating procedures are missing in many places. A sectoral CERT (computer emergency response team) is yet to come up.
Unlike in the financial sector, where RBI keeps an eagle eye on compliance and security measures, there is no single regulatory agency yet for the health sector. The scale of RBI advisories in banking and digital payments will help sustain the growth of the digital ecosystem in the financial sector. Likewise, healthcare providers must strengthen best practices, including regular cybersecurity audits, secure firewalls, security operations centres, trained manpower and robust oversight of vendors.
Setting up special purpose vehicles (SPVs) to handle hospital IT information systems is a good idea now that technology provides for centralising infrastructure through cloud and other means to service multiple facilities. The health ministry, in consultation with the IT ministry, CERT-In, National Health Authority, state governments and industry, must prepare a list of sector-specific guidelines on policy, practices and oversight mechanisms.