Dr Rajendra Pratap Gupta, Founder-Health Parliament and former advisor to the Health Minister, Government of India highlights that the recent ransomware attack on the AIIMS server and Safdarjung hospital has shocked many. It is not just an attack on AIIMS or Safdarjung but an attack on the domain of digital health, which the country is fast-tracking according to the vision of the Prime Minister
All of us were beneficiaries of using technology for healthcare during COVID-19 when the doctors were not in a position to meet the patients, and the patients were not willing to meet the doctors to avoid contracting the fatal infection. How would healthcare have been delivered if technology did not come as a saviour during COVID-19? We are thankful to doctors for helping us wade through the pandemic; it is the technologists whom we forget to thank for helping doctors and patients to wade through the pandemic with technology preparedness.
Post-COVID-19, technology in healthcare has become inseparable to the point that if one is not into digital health, one is not into health. Also, under the Ayushman Bharat Digital Mission (ABDM), India has pushed digital health (using technology to deliver healthcare). This time, the technological revolution in healthcare will scale up faster as, for the first time, the patients are asking for it. The supplier demand models are bound to change, given the consumer demand. While on the one side, the consumer’s demand for digital health is permanent and all-encompassing, from online orders of prescriptions to online consultations with doctors and follow-up with hospital admissions; also, this digitalisation of healthcare is much needed given the resource crunch in healthcare and the budget constraints and adoption of technology will increase the reach of doctors and facilities, and make healthcare on-demand, transparent, efficient, and accountable.
The recent ransomware attack on the All India Institute of Medical Sciences (AIIMS) server and Safdarjung hospital has shocked many. It is not just an attack on AIIMS or Safdarjung but an attack on the domain of digital health, which the country is fast-tracking according to the vision of the Prime Minister. AIIMS is India’s top healthcare facility and serves the most complicated cases and the government’s highest officials, including the Prime Minister. The data breach could be explosive. Consider if the hacker lays hands on the medical records of the key officials admitted and makes them public. It could have a dimension of national security. Healthcare data breaches are more expensive than financial, and healthcare data sell at multiple premiums than financial data on the dark web. This data breach is a wake-up call for India, pursuing the national digital health mission. Recently, eSanjeevani (National Telemedicine Service) completed eight million consultations, which is likely to increase, making it perhaps the world’s biggest digital consultation platform. Imagine if the eSanjeevani is compromised! This data or security breach has much more significant ramifications; the momentum gained for adopting the technology will likely slow down if India’s top healthcare facility, which serves the highest level of government functionaries, can be compromised. What about smaller hospitals and providers? This will put off plans for millions of providers who are about to adopt technology in their hospitals, clinics, or as practitioners. The IT security services would become expensive and make the deployment of IT in healthcare unaffordable for smaller providers, thereby defeating the goal of healthcare transformation.
Health data breaches are not new, and even the most advanced countries face data breaches. In 2022, in the United States, the healthcare sector suffered about 337 breaches, and according to IBM, the cost of a data breach is an average of US$10.1 million per incident, which is a 9.4 per cent increase over 2021.
According to The Department of Health and Human Services, Office for Civil Rights breach, there were 686 healthcare data breaches of 500 or more records in 2021; with COVID-19, healthcare has moved online faster than ever before, and so have the data breaches.
Even the world’s biggest healthcare delivery system, the National Health Service (NHS) of the U.K., suffered a major data breach on August 4, 2021, leading to a massive disruption of the NHS services across the U.K., including the ambulance service providers.
As a nation gearing up to adopt digital health across the continuum of care, we must be prepared to pre-empt security breaches. The silver lining for India is that India has proven that its fintech industry remains the safest in the world, and this has lessons for the healthcare sector. India’s healthcare system’s security should be handled by a task force, and it should set a benchmark as high as UPI, or the big plans for digital health may slow down, putting many healthcare consumers at a severe disadvantage. The security guidelines should be developed immediately.
Health Parliament has started national-level discussions on a security framework for practicing clinicians and providers and will develop guidelines over the next few months.