India’s Healthcare Sector a Major Target for Cybercrime: Report

The adoption of technology has revolutionized healthcare. Patients no longer need to collect and store physical reports. Telemedicine, IoT devices, electronic health records (EHR) have made their lives much easier. But this has brought a new threat: the theft of confidential patient data.

India’s healthcare sector is a top target for cybercriminals, facing more than 6,900 cyberattacks a week, according to an Israeli cybersecurity solutions provider.

read more

A report by Check Point Software Technologies Ltd. states that the Indian healthcare sector witnessed an average of 6,935 attacks per week compared to an average of 1,821 attacks per healthcare organization globally. The huge number of attacks exposes the vulnerabilities in the digital infrastructure of the Indian healthcare sector.

Healthcare facilities are often at risk because they store a variety of sensitive data, including medical, personal, and financial information. The critical nature of their operations means that any disruption could have life-threatening consequences.

Many Indian healthcare systems rely on outdated technology, making them more vulnerable to attacks, and limited funding for security upgrades is making this problem even worse.

The urgent need to restore critical care services often forces victim organizations to meet attackers’ ransom demands.

The UK’s National Health Service (NHS) faced disruption to services after Russian hacker group Qilin stole more than 400GB of private medical data from a provider called Synnovis.

OTHER TARGET AREAS

Educational and research organizations are the second most targeted by hackers, with an average of 6,244 attacks per week. Government and military entities were also targeted with more than 3,600 attacks.

The report also highlighted that Indian organisations were targeted an average of 2,924 times a week in the last six months, while globally, each organisation was attacked 1,401 times.

In recent months, the most commonly used malware has been the one called “FakeUpdates” and other botnets such as Remcos.

Over 63% of malicious files in India were delivered via email, while the rest were delivered via web services. The report said that 58% of the most popular malicious files delivered via email were executables, while 59% of malicious files delivered via web were PDF files.

“The ease of email spoofing and the ability to transmit threatening content make email a powerful tool for spreading malware, stealing credentials, and conducting social engineering attacks,” said Sundar Balasubramanian, Managing Director, Check Point India and SAARC.

The healthcare sector in India has seen a number of high-profile cyberattacks in recent years. In late 2022, hackers attacked the systems of AIIMS and allegedly demanded a ransom of around Rs 200 crore in cryptocurrency. Almost a year later, in late 2023, the Indian Council of Medical Research (ICMR) also suffered a major cyberattack that led to the loss of personally identifiable information (PII) of 81 crore Indians.