At first, it was only money that cyber criminals were after, but this isn’t the case anymore. In 2017, when data breach incidents started to affect businesses, banks weren’t the most impacted — it was healthcare providers, their staff, and even patients. Fast forward to 2021, the year ended with the reports of a ransomware attack on India’s foremost government hospital. The breach was detected in the internal systems of AIIMS, which led the hospital to shut down most of its digital patient care systems and move to manual means. Undoubtedly, this must have caused the entire staff and patients a great deal of chaos, which we can’t even possibly fathom!
However, have you ever wondered about the repercussions of such incidents on an individual’s life?
Mr Amit Rajan’s case is one of many such victims whose life took a spin after being sent home from a successful heart operation. Mr Rajan, a middle-aged man from Mumbai, had undergone heart surgery at one of the city’s leading hospitals. After the surgery, he was discharged and went home to recover. Much to his dismay, his troubles were just beginning. A few weeks after his surgery, he received a call from his health insurance company about the medical loan received by him. The company claimed that all his medical documents were verified and the account transfers were made 3 hours prior to the call. Mr Ranjan froze to the ground as he had never claimed any medical loan in his life. And, what else could he have done? The account transfer was already done and the thought of paying back 5 lakh rupees to the bank was beyond terrifying. In response to this incident he filed a complaint and hoped that the investigation would bring him some better news. This identity theft took a whole new level when he was informed of suspicious transactions made using his credit card. He immediately contacted the bank and blocked his card, but the damage was already done. The cybercriminals had managed to steal his credit card information during the data breach at the hospital where he underwent surgery.
Note: India has reported over 4000 online identity thefts in the year 2021. The states of Karnataka, Assam, Uttar Pradesh, and Jharkhand are some of the countries with leading registered cases in India.
Upon investigation, he found out that his personal information, including his name, address, phone number, and even his government identification card details, had been stolen during the data breach at the hospital.
Mr Rajan’s case is not an isolated incident. Identity theft has become a growing concern due to the increasing number of data breaches in various sectors. Cybercriminals can use stolen personal information to open bank accounts, apply for loans, purchase goods and services, and even commit crimes in the victim’s name. The consequences of identity theft can be devastating, ranging from financial loss to reputational damage.
Did you know – Patient data is 10 to 15 times more valuable than credit card data when sold on the dark web?
Individuals need to be vigilant and take proactive measures to protect their personal information. This includes regularly monitoring bank and credit card statements, checking credit reports, using strong and unique passwords, and avoiding sharing personal information with untrusted sources. But, crucial for businesses and like in this case healthcare facilities to prioritise cybersecurity measures and ensure the protection of their patients’ personal information.
The situation of identity theft for Mr Rajan has not just caused financial loss but has also pushed him emotionally and psychologically from which he might not be able to recover soon. Worst case scenario, what if he decides to skip his further treatment? Which might get dangerous as he is a recovering heart patient.
After a few months and further investigation by city’s cyber branch experts, Mr Rajan was informed that a minor software breach in his primary care facility’s system was responsible for the identity theft and it’s possible that his personal details were already sold on the dark web a few months before the incident.
No system is breach-free, but Mr Rajan’s story and several other identity theft incidents indicate that even as a primary healthcare provider, one must be certain of the OPD Management Solutions or Facility Management Solution, they are using to manage the care facility.
Primary healthcare facilities can take several steps to reduce data breaches and protect their patients’ personal information. Here are some of the key steps:
- Conduct regular risk assessments: Primary healthcare facilities should regularly assess their cybersecurity risks and vulnerabilities.
- Implement strong access controls: Access controls such as multi-factor authentication, password policies, and role-based access controls can help protect sensitive patient information from unauthorised access.
- Encrypt sensitive data: Sensitive patient data such as health records, pan card numbers, and insurance information should be encrypted to protect it from unauthorised access in the event of a breach.
- Use secure communication channels: Facilities should use secure communication channels such as encrypted email and messaging services to ensure that patient information is protected while being shared among healthcare providers.
- Regularly update software and systems: Primary healthcare facilities should ensure that all software and systems are regularly updated with the latest security patches and updates to prevent known vulnerabilities from being exploited.
Or, if you want to practise stress-free, upgrading your care facility with HArbor’s Practice Management Solution is the best possible solution.
HArbor Says: Cyber security researcher Ehraz Ahmed once said – “No system is 100 percent foolproof. If humans have built it, humans can enter it, but there are checks and balances to secure the systems” and we stand by it.
Want to know how HArbor manages to keep data breaches at bay?