It hasn’t been long since we reported Dr Reddy’s falling prey to a ransomware attack & isolating all their data centres. Not even 2 weeks since the incident has passed, another pharmaceutical giant of the nation, Lupin has reported a ransomware attack on their systems.
The news came this Thursday when the company informed that it has suffered an information security incident, impacting their internal IT systems. But they have mentioned that the incident hasn’t impacted the company’s core systems or operations at any level. The authorities of the company have been informed of the incident & mentioned that the investigation is undergoing. They are doing their best to restore the impacted systems in due time.
It is upsetting to see two major pharma companies of the country getting affected by cybersecurity incidents in such a short span of time. Dr Reddy’s had also been affected days after getting approval for the human trials of Sputnik V, after which they had to halt the functioning of the company for a while.
Indian Healthcare Industry is far from safe
These incidents are not really new for the Indian Healthcare industry. In fact, the Indian healthcare sector has been affected worse than others in this Coronavirus pandemic period. The reason for this is the negligence in the sector when it comes to securing data. Just this June, the CEO of Hackrew was able to view & edit classified personal information of lakhs of patients across the country.
Healthcare industry is one that has been accused of not paying enough heed towards the security of their data. Where other sectors allocate up to 15 to 20% of their budgets towards securing their data, the healthcare sector doesn’t allocate any more than 5% of the budget. This, combined with the fact that the data if falls in the wrong hands can cause damage to millions, makes the situation scarier.
It takes a year to detect & fix a vulnerability
Not only are these attacks increasing, but they are also really tough to fix. It takes an average of 329 days for companies to detect & fix a data breach in the healthcare industry. Which means that the personal medical information of many remains vulnerable all this while before the vulnerability is fixed, putting a large amount of data in jeopardy for months.
Moreover, the cybersecurity breaches in the Healthcare industry cost a fortune to be fixed. An average breach in this industry costs up to $7.3 million dollars to be fixed, which is higher than any other sector and this cost is increasing with time. The cost of fixing a healthcare breach in India has risen by 10% since 2019, which is in itself 84% greater than the global average for the same.
Even for first world countries like America, data breaches in the healthcare sector are a major concern. But for Indian organizations, it is quintessential to understand that greater attention needs to be paid to cybersecurity. Since these organizations withhold personal information of millions of individuals, they cannot afford to risk their data to vulnerabilities as it causes damage to these individuals.