Many hospitals in Jammu and Kashmir including premier SKIMS institute offer various online services to patients. Range of services from the emergency, out-patient, in-patient and laboratory wings operate through online means. While these services have been benefiting patients and attendants to great deal, the November 23 attack on the country’s premier medical institute, the All India Institute of Medical Sciences New Delhi (AIIMS), should be taken as a warning regarding threats existing in the online and intricate systems. All e-functioning had to be shifted to manual management. Long queues have been witnessed and patients as well as attendants accompanying them face horrendous times. Besides it has burdened the hospital staff, otherwise helped to a great deal in their work by the advent of online technology.
Of late, cyber attacks on medical institutes are getting common. Unfortunately, the covid-19 pandemic has been a blessing for the hackers and criminal syndicates who seem to have realised the dependence of these institutes on digital systems to optimally manage medical functioning as well as store and handle large volumes of patient data including their reports. Both the aspects of security and privacy surface in such a situation. Signs of the worst that could happen now may have been warned of by developments in Australia this month as data from the country’s leading private health insurer, Medibank.
Like Medibank, ransomware has locked away AIIMS’ data with an unattainable to crack cryptographic key which is held by an attacker whose identity and motives is to extort a hefty ransom from AIIMS. Ransomware operators have already released in tranches around 10 million medical records hacked from Medibank after the demand was not met. The threats on both counts exist. These ransomware or like-minded individuals can target any other institute for apparent motives. In such a situation, the need of the hour is to make online services impeachable and strengthen cyber security.
The targets such as AIIMS and Medibank are not just valuable for the money they can extract, medical records of tens of thousands of people are at risk. Such developments are a disconcerting reminder of how costly delays in tightening cybersecurity could become. AIIMS and Medibak incidents are a wake-up call for organisations across sectors to shore up security measures. These incidents should goad the authorities to enhance cybersecurity measures that enable multiple backups of valuable records, as also to conduct regular cyber audits.