The health data of millions is publicly accessible worldwide, recent reports have said.
US non-profit organisation ProPublica and German public broadcaster Bayerischer Rundfunk released the investigation, which found that “medical images and health data …including X-rays, MRIs and CT scans, are sitting unprotected on the internet and available to anyone with basic computer expertise.” This is true, ProPublica reports, of five million Americans as well as millions worldwide. Concerning the vulnerability of such data, cybersecurity expert and consultant Jackie Singh explained to ProPublica “it’s not even hacking. It’s walking into an open door.”
The news is timely, with one study published this year noting “healthcare data are attractive to cyber-criminals because they contain financial and personal data, can be used for blackmail, and most valuable, are ideal for fraudulent billing. They are also remarkably vulnerable to penetration because of the fluid and always-evolving nature of a patient’s medical care and because of the number of clinicians, facilities and transactions required to connect patient care across multiple settings.” The findings ought to come as a warning to India, where numerous stories have spotlighted how insecure health data is, ranging from patient records to pharmaceutical companies’ information.
A recent case saw 68 lakh health records being stolen by hackers. Also, earlier this year, a cybersecurity error led to the health records of more than 12.5 million pregnant women being exposed online and available for public consumption. Hacks can lead to losses of up to US$2.3 million for healthcare companies.
For the pharmaceutical sector in India, cybersecurity is weaker than it ought to be: a mere five to ten percent of pharmaceutical companies in the country have cybersecurity systems robust enough to ward off attacks. As such, it was unsurprising when cybersecurity experts reported recently that Indian pharma is the sixth most-affected industry of its kind in the world regarding cybersecurity attacks. 45 percent of devices in the sector witnessed attempted malicious attacks last year, up from 44 percent the year before.
The results can be compromising on multiple levels – personally, financially, socially. This is true of industry players, healthcare providers, and – of course – patients themselves. Continued warnings from cybersecurity experts must be taken seriously and action must be taken to ensure data is secure and safe. As Singh notes, “it’s 2019. There’s no reason for this.”