Cyberattacks Hit Nearly 60% of Healthcare Organisations Globally in the Past Year: Report

This includes India's top institutions such as the All India Institute of Medical Sciences and the Indian Council of Medical Research.

New Delhi: Nearly 60% of healthcare organisations globally have suffered a cyberattack in the past 12 months, the Economic Times has reported, citing a new study by Sophos, a UK-based cybersecurity firm.

This includes India’s top institutions such as the All India Institute of Medical Sciences (AIIMS) and the Indian Council of Medical Research (ICMR), the newspaper reported.

Of these, cybercriminals were able to successfully encrypt data in nearly 75% of ransomware attacks – the highest rate of encryption in the past three years, the business daily reported.

This is a significant increase from the 61% data encryptions carried out last year, ET reported, citing the cybersecurity firm’s study.

In comparison, only 24% of healthcare organisations were able to disrupt a ransomware attack before the attackers encrypted their data. This, per the report, has fallen from 34% in 2022. This is also the lowest rate of disruption reported by the sector over the past three years, it added.

Last year, on November 30, the website of the Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts in 24 hours.

This happened a week after five servers of the All India Institute of Medical Sciences (AIIMS) had been hacked by ransomware. An estimated 1.3 terabytes of data was encrypted. The hackers had made it impossible for AIIMS to access its own data.

On October 31, 2023, in a massive data breach, information of over 81.5 crore Indians with the ICMR were sold on the dark web.

But why is the healthcare sector becoming a new target for data breaches?

Outdated software, legacy systems, and inadequate investments in cybersecurity has worsened the situation, Raj Sivaraju, president APAC, Arete, a cyber risk management firm, told Hindustan Times.

As India moves towards digitising the healthcare sector, it has increasingly become important to secure the online systems.

India was ranked the third-worst country, following the US and Brazil, for cybersecurity risk events in the first half of 2023, according to Trend Micro’s 2023 report.

The cyber threat landscape

What’s even more concerning is that Indian firms cannot prevent almost half of cyber attacks, said a report by Columbia-based cybersecurity company Tenable.

The report is based on an online study of 825 IT and cybersecurity professionals, of which 69 were Indians.

“In today’s threat landscape, by the time organisations react to cyberattacks, the battle is half lost,” Tenable India country manager Kartik Shahani told news agency PTI.

This is due to the lack of coordination between the IT and cybersecurity teams, a challenge acknowledged by 43% of Indian organisations, per the report.

The misalignment in goals between IT and security teams in organisations results in a palpable lack of synchronisation, making it challenging to work cohesively toward a shared goal, Shahani said.

As many as 78% of Indian respondents believe their organisations could better defend against cyber attacks with more resources dedicated to preventive cybersecurity. However, only seven in 10 (71%) organisations say their IT teams are more concerned with uptime than patching and remediation, the report said.

A high cybersecurity skill gap

Moreover, India’s cybersecurity industry faces a massive demand and supply gap.

Despite having the second highest number of active internet users after China, India represents only 6% of the global cybersecurity jobs.

There were only 40,000 job openings in this industry as of May 2023, Business Standard reported.

While there’s a growing demand of cybersecurity professionals in India, the industry is facing a major skill challenge, with the demand-supply gap standing at 30%, the report said.

According to the report, India’s cybersecurity workforce stood at around 0.3 million in 2023, up from 0.21 million in 2022, and 0.1 million in 2021. In comparison, the global workforce of cybersecurity professionals stood at around 4.7 million.

In terms of cybersecurity revenues, India is generating an estimated revenue of $2.50 billion out of the global revenue of $222 billion, it added.

Note: This story, which was originally published on November 3, 2023, has been edited to say that nearly 60% of healthcare organisations globally had suffered a cyberattack in the past one year.