Criticality of data in healthcare:
In earlier days, healthcare data was handwritten by medical personnel, which made it voluminous to handle and store. The advent of technology enabled the storage and retrieval of such data at the tap of a finger, but this ease comes with its own risks. As digitalisation increases, data breaches and cyber-attacks have become much more regular, making patient information more vulnerable. That is why the greatest level of data privacy is vital in healthcare services, as people entrust health tech companies with such data.
Nowadays, data is critical in information warfare. Data is a necessary component of AI. As a result of digital revolutions, the amount of data about an individual is expanding. Health records must adhere to strict data privacy regulations. The threat is posed not just by hackers, but also by organisations that engage in malicious activities or use backdoor methods to obtain data.
Data breaches can enable hackers to utilise healthcare data to blackmail and extort people while also causing them significant pain. They can also utilise medical information to perpetrate fraud, such as insurance fraud. Another risk is that unencrypted medical data exposes the victim’s identity, bank accounts, and so on. Last year, a US-based cybersecurity firm reported that attackers from China compromised an Indian healthcare website and breached more than 68 lakh health records, which contained information on patients and doctors. According to the firm, the average cost of a single stolen record in healthcare is US$ 380, which is the highest among all industries.
Chinese-backed (invested) startups overseas, including in India, will now also need to tread more cautiously, considering that India’s laws will now have more stringent measures in place to penalise breaches.
More recently, five AIIMS servers were targeted by hackers, and China’s role was suspected in this attack. In another incident, a data set from a hospital in Tamil Nadu contained patient data that was reportedly being sold on the dark web.77 At the grassroots level, some of the major challenges we face in healthcare data security are lack of awareness, digital literacy, role-based access and governance by the health tech ecosystem.
Lack of awareness is the most difficult issue to address! Healthcare workers who gather patient data require some level of data security training. If workers are not provided with fundamental instructions, it becomes very difficult to arrest or, in certain situations, avert the breach. Healthcare professionals are usually not trained in tech simply because it’s not a part of their day-to-day job. But with basic training, anyone can learn how to handle tech and software. Digital literacy emphasizes, among many things, the importance of online safety skills and the basics of internet safety, such as creating strong passwords, understanding and using privacy settings, and knowing what to share or not on social media.
Any infrastructure inside the business that handles patient data should be configured with role-based access. Role-based access operates on the premise that a person’s access to data and other information is restricted according to their role. Indian brands in the health-tech space have put in place widely accepted industry norms for data protection and security. They recognise that electronic health records contain sensitive data and hence put in place systems and practices to mitigate data theft/hacking.
The Government of India has a global role to play when it comes to information exchange. It governs one of the most populous countries in the world, with the highest digital illiteracy rate. Digital health adoption needs to be carefully balanced by stringent data protection measures. Loss of trust dents the ecosystem and slows down the adoption of digital health. Digital privacy laws are still in their infancy in India. In the context of employer-led benefits, the onus is on the employer to ensure compliance with data protection.
One, then, needs to take extreme measures in maintaining data encryption, data security, and regular training for healthcare personnel so as to maintain compliance with India’s data protection law. A strong governance and regulatory framework is therefore needed to ensure data protection. With these introspections in place, we will witness a change in the way healthcare and health-tech are delivered.
DATA SECURITY PRACTICES FOLLOWED BY BANKS:
In light of data theft and breaches of security, banks must adopt an all-round security strategy to protect the sensitive data of their customers and to prevent internal or external data breaches. A few ways in which this is done are as follows:
1. Authentication:
Every bank transaction must first be authenticated in order to verify the identity of the person initiating it. This applies to customers who use online or mobile banking systems, visit the bank in person, or use credit/debit cards. It is also applicable to the employees of the bank who have access to the data of the banks and their customers.
2. Audit Trails:
A statement or passbook containing a history of banking transactions is always available. In addition, banking systems also keep an audit trail for every event that occurs during a customer’s interaction with the systems. Whether a customer uses phone banking or online banking, the time of the interaction, as well as the details of the interaction, are recorded in the audit trails. This data is backed up daily and is never completely removed; instead, it is archived at predetermined time intervals.
3. Secure Infrastructure:
Secure infrastructure refers to the database systems and servers where data is stored, as well as the boundaries that are set up to secure these. In most core banking systems, production data is encrypted. Important data such as bank account numbers, customer names, and addresses must be masked if testing is required. Production systems are not accessible. Bank employees are typically provided with specialized equipment that restricts access to social media, personal emails, and Universal Serial Bus (hereinafter referred to as “USB”) ports.
4. Secure Processes:
Many processes have been established by banks to ensure that security is implemented and tested. This includes updating customer Know Your Customer (hereinafter referred to as “KYC”) information, requiring non-disclosure agreements from employees and vendors, securing special zones within the premises, and using remote data centers.
Additionally, processes related to global and national regulations are put into place, and risk analyses are done to make sure these processes comply with the rules.
5. Continuous Communication:
In addition to the periodic account statements that are generated and sent to customers, banks communicate with customers on a regular basis about system upgrades, the implementation of new authentication procedures, and so on. Customers can also set limits and alerts based on various conditions to ensure that they are notified if any unusual activity occurs with their accounts.
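
The masking rule under Secure Infrastructure (item 3), sketched as an added example that is not from the original article or from any bank's system: rows copied out for testing have account numbers, customer names and addresses replaced by keyed, deterministic tokens, so the same customer still joins across tables. The key, field names and sample rows are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import itertools

# Constructed key for the example; in practice it stays in a secrets manager
# and never travels with the masked copy into the test environment.
MASKING_KEY = b"example-only-masking-key"
SENSITIVE_FIELDS = ("account_number", "customer_name", "address")


def _digest(field: str, value: str, key: bytes) -> bytes:
    # Binding the field name into the MAC keeps equal strings in different
    # columns from producing the same token.
    return hmac.new(key, f"{field}\x00{value}".encode(), hashlib.sha256).digest()


def mask_account_number(value: str, key: bytes = MASKING_KEY) -> str:
    """Re-derive each digit from the keyed digest; keep length and separators."""
    stream = itertools.cycle(_digest("account_number", value, key))
    return "".join(str(next(stream) % 10) if ch.isdigit() else ch for ch in value)


def mask_text(field: str, value: str, key: bytes = MASKING_KEY) -> str:
    """Swap free text for an opaque token; normalise first so 'A. Rao ' == 'a. rao'."""
    normalised = " ".join(value.lower().split())
    return f"{field.upper()}_{_digest(field, normalised, key).hex()[:12]}"


def mask_record(record: dict, key: bytes = MASKING_KEY) -> dict:
    """Return a copy safe to load into a test database; other fields pass through."""
    masked = dict(record)
    for field in SENSITIVE_FIELDS:
        if masked.get(field) is None:
            continue
        value = str(masked[field])
        masked[field] = (mask_account_number(value, key) if field == "account_number"
                         else mask_text(field, value, key))
    return masked


# Constructed sample rows: the same customer appears in two tables.
ACCOUNTS = [{"account_number": "5012-3345-6789", "customer_name": "Asha Rao",
             "address": "12 Lake Road, Chennai", "branch": "CHN01"}]
TRANSACTIONS = [{"account_number": "5012-3345-6789", "amount": 1500}]

if __name__ == "__main__":
    for row in ACCOUNTS + TRANSACTIONS:
        print(mask_record(row))
```

Because the tokens are keyed rather than plain hashes, someone holding only the test copy cannot rebuild them by hashing guessed account numbers.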






