Is India's e-Health Secure? Jaspreet Singh, EY India
Agenda
A Recent attacks across the world
B Security-Introduction
C e-Health status in India
D Cyber security in healthcare - a rising concern
E Cyber security in the health sector - key statistics
F Implications of cyber threat incidents
G Proactive measures against cyber attacks
Key statistics about cybersecurity risks
90% of large organisations reported suffering a security breach in 2014
$300 billion to $1 trillion: cost of cyber attacks a year
91% of cyber attacks are spear phishing attacks
144% increase in cyber attacks on business over a four-year period
46% of the complaints or identity theft frauds reported globally involved breaches of government documents
6,00,000 Facebook accounts are hacked every day
88% of respondents do not believe their information security fully meets the organization's needs
59% see criminal syndicates as the most likely source of an attack today, compared with 53% in 2014
Sources: Publicly available information and EY cyber security report
e-Health status in India
Some of the key e-Health initiatives in India taken by the Government of India and private players:
1. Mobile applications like Practo, SuperDoc, Credihealth, Mediexpress etc. that provide end-to-end information on medical services like doctors, hospitals and treatments, and allow users to create their profile and upload their medical reports and records
2. Mobile applications like healthy You card and healthy you EHR by the Govt. of India that help a user search for doctors and hospitals, book an appointment and get notifications
3. National health portal for health awareness for the rural sector
4. E-Blood Bank and online registration in hospitals
5. Kilkari, to deliver weekly audio messages through phones to pregnant women
The e-health sector in India is still at a nascent stage; however, with the advent of better access to technology and health services, it is predicted that spending on e-Health initiatives will increase over the years.
Security - Introduction
Security is commonly referred to as the confidentiality, integrity and availability of data. Data security ensures that the data is accurate and reliable and is available when those with authorized access need it.
In other words, it is all of the practices and processes that are in place to ensure data isn't being used or accessed by unauthorized individuals or parties.
Confidentiality: Ensuring that information is accessed by only those who have authorization to have access to it
Integrity: Safeguarding the accuracy and completeness of information and its processing methods
Availability: Ensuring that authorized users have access to information whenever required by them
Security in healthcare sector (e-Health)
Security in the e-Health sector means protecting patient or client personal information and personal health information (PHI) against theft, loss and unauthorized collection, use or disclosure, and ensuring that the records containing the information are protected against unauthorized copying, modification or disposal.
Cybersecurity in healthcare: a rising concern
Healthcare data is unique, which makes its privacy and security so critical.
While credit cards can be cancelled when lost or stolen, medical records can be compromised for years.
Stolen healthcare credentials sell for 10 to 20 times more than stolen credit cards on the black market.
Electronic health records sell for $50 per chart on the black market, compared to $1 for a stolen social security number or credit card number.
WHY? Medical records contain most of the data hackers want, making them ideal for ONE-STOP STEALING. Weak cybersecurity makes electronic protected health information (ePHI) more vulnerable.
Cybersecurity in healthcare: India
Why it's not enough, why it can't wait?
While cybersecurity and data breaches are rising across industries, healthcare is lagging behind in cybersecurity investment.
Indian security spending (hardware, software and services) touched $1.11 billion in 2015.
Health care providers in India spent approx. $1.2 billion on IT in 2015.
Out of the allocated IT budget of healthcare, <5% was spent on security, which signifies that security spending in the medical sector was <6% when compared with sector-wide security spending.
[Chart legend: Medical sector, Other sectors]
Some cybersecurity facts with respect to the healthcare sector
91% of healthcare companies reported at least one incident in the past two years.
In the sample survey of 350 healthcare companies, the mean time to identify a breach was 206 days, with a range of between 20 and 582 days being reported.
Source: Publicly available information
Why should the healthcare industry worry about cybersecurity?
1. Connected medical endpoints: Connected medical devices, applications and software used by healthcare organizations, providing everything from online health monitoring to video-oriented services, are fast becoming targets of choice for hackers.
2. One-stop 'treasure-trove' of data: The healthcare industry holds vast collections of sensitive patient and medical documents, data of significant value to hackers.
3. Cost of a data breach: As of 2015, a recent data breach study estimates that breaches cost the healthcare industry about $5.6 billion annually.
4. Loss of reputation: A data breach can raise questions and concerns as to the adequacy of an organization's data security protocols and can lead to loss of the entire business.
5. Cyber murder: Medical devices are vulnerable to hacking; officials warned that an infusion pump could be modified to deliver a fatal dose of medication. Devices could allow improper access to networks of hospitals and other healthcare providers.
While the potential of information technology in radically transforming healthcare is indisputable, protecting healthcare data against misuse, without impeding healthcare professionals' access to patient information, remains the biggest security concern.
Top 3 concerns of healthcare CIOs in India:
1. Internal breach
2. Inadequate deployment of technology
3. Regulatory compliance
Why should the Indian healthcare industry worry about cybersecurity?
Research was done to understand the Indian diagnostic business and the implementation level of HIPAA* in India. Key highlights were as follows:
*HIPAA: Health Insurance Portability and Accountability Act
Out of the sample laboratories selected, 28% were aware of HIPAA, whereas 72% of the laboratories were not aware of HIPAA implementation/audits.
However, the need for HIPAA was felt in 92% of the labs.
Another area of slight concern is the appointing of officers who will be a single point of contact at each business, responsible for handling any conflicts.
Only 30% of the healthcare companies selected in the sample had appointed a security officer.
[Chart: Need for certified personnel and labs in the healthcare sector, based on the sample size. Categories: need for ISO certification, need for HIPAA certification, need for NABL-accredited laboratory (Yes/No)]
Implications of cyber incidents
Unsatisfied customer
Legal action
Brand reputation
Financial loss
Business disruption
The healthcare industry is constantly on the move and is extending beyond hospitals, so confidentiality of patient data and the hospital database becomes the topmost priority. The industry has to go a step beyond the standard antivirus and firewall combination to safeguard the important information of a patient and avoid any infringement.
Proactive measures against cyber threats
Assess Your Network
Gain visibility into the enterprise and its systems, including non-traditional devices like printers, personal medical devices and institutional medical instruments
Most out-of-the-box networked devices and applications, such as VPNs and firewalls, are not secure by default, and strong password policies should be implemented
Think like an attacker
Devices with default credentials, insecure ports and other weak configurations present attack surfaces
The physical pathway should also be considered: a surveillance camera can be turned off or used to gather crucial information for getting access to the physical or network environment
Analyze your Network Pathway
Egress filtering restricts the flow of unauthorized or malicious traffic outbound from a network to prevent internal compromise
Real-time analysis of outbound traffic
Combine visualization with threat intelligence to spot traffic trends for TCP and UDP ports that are commonly open through the network perimeter
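The egress-filtering and outbound-traffic analysis points above can be made concrete with a small check over flow records. This is an added example, not part of the original presentation; the device classes, policy, addresses and flow records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Hypothetical egress policy: device class -> allowed (protocol, destination net, port).
EGRESS_POLICY = {
    "infusion_pump": [("tcp", "10.20.0.10/32", 443)],   # pump management server only
    "printer":       [("udp", "10.20.0.53/32", 53)],    # internal DNS only
    "workstation":   [("tcp", "0.0.0.0/0", 443),
                      ("udp", "10.20.0.53/32", 53)],
}

# Constructed asset inventory (source IP -> device class).
INVENTORY = {"10.30.1.5": "infusion_pump",
             "10.30.2.9": "printer",
             "10.30.3.7": "workstation"}

# Constructed outbound flow records: (source, protocol, destination, dest port).
FLOWS = [
    ("10.30.1.5", "tcp", "10.20.0.10", 443),
    ("10.30.1.5", "tcp", "203.0.113.40", 8080),
    ("10.30.2.9", "udp", "10.20.0.53", 53),
    ("10.30.2.9", "tcp", "198.51.100.7", 21),
    ("10.30.3.7", "tcp", "198.51.100.20", 443),
    ("10.30.9.9", "udp", "203.0.113.40", 53),   # source not in the inventory
]

def is_allowed(device_class, proto, dst, dport):
    """True if the flow matches an allow rule for this device class."""
    dst_ip = ipaddress.ip_address(dst)
    return any(p == proto and port == dport
               and dst_ip in ipaddress.ip_network(net)
               for p, net, port in EGRESS_POLICY.get(device_class, []))

def egress_violations(flows, inventory):
    """Return flows the policy would block; unknown devices are denied by default."""
    out = []
    for src, proto, dst, dport in flows:
        cls = inventory.get(src, "unknown")
        if not is_allowed(cls, proto, dst, dport):
            out.append((src, cls, proto, dst, dport))
    return out

def blocked_port_trend(violations):
    """Count blocked flows per (protocol, port) to show outbound traffic trends."""
    return Counter((v[2], v[4]) for v in violations)

if __name__ == "__main__":
    for v in egress_violations(FLOWS, INVENTORY):
        print("BLOCK", v)
```

The unknown source is reported because the policy is default-deny, which ties the check back to the visibility step: a device missing from the inventory shows up as soon as it sends outbound traffic.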
Thank You
EY Contact
Jaspreet Singh, Partner
+91-(124) 464 4000