Title: Healthcare and Cyber Security 2015: Is India Ready?
Nitish Chandan
Int. B.Tech CSE LL.B Hons. Cyber Law (UPES, Dehradun)
Founder, Technical Writer, The Cyber Blog India

Cyber Security in Healthcare is divided into two fronts
- Data: EHR (Electronic Health Record). Contains a patient's medical history, diagnoses, medications, treatment plans, immunization dates, allergies, radiology images, and laboratory and test results in a digital version.
- Critical Network Infrastructure: all devices and equipment on a network that are responsible for monitoring and evaluation of patient health and for delivering some treatment facility.

Problem in the Indian Scenario: Data
- Estimation of readiness is not possible as of today; numerous health centres are still in the digital disconnect.
- Standards for EHRs are available, but only to the point that they should be secure.
- Generally, all electronic health information must be encrypted and decrypted as necessary according to user-defined preferences, in accordance with the best available encryption key strength.
- NeHA has been constituted, which will also deal with privacy issues and healthcare.
- Data leaks are not only due to insufficient standards and policy (similar standards in IT law as well); user awareness, among both patients and caretakers, is lacking.
- Who is the owner of an EHR?

Critical Infrastructure
- A study by a researcher at one of the Midwest healthcare facilities revealed that drug infusion pumps could be remotely manipulated to change dosage.
- Defibrillators controlled over Bluetooth were prone to attack, either to give random shocks to a patient's heart or to prevent one.
- Thermostats on networks are vulnerable to changes in temperature settings. This has caused spoilage of drugs.
- Misdiagnosis, wrong prescription and administration of unwarranted care.
- Leads to a new type of crime: Cyber Murders.

Vulnerabilities
- Some emergency equipment could be rebooted and wiped clean of its configuration, allowing hackers to take control of important healthcare infrastructure.
- Passwords are still names of people, "admin", "password", "1234".
- The biggest Cyber Security fact in any system is that no firewall or IPS can protect a system that is protected by a password like the above.
- Another problem is with the level of encryption and the secure channels used for communicating embedded systems data into patient records and vice versa.
- Newer technologies, like infusion pumps with a web administration interface for nurses to change drug dosage, are easily hackable because of hardcoded passwords that are often never changed.

- Implantable medical devices to grow about 7.7 through 2015, and more than 2.5 million people already rely on them.
- Medical information can be worth 10 times as much as a credit card number.
- We are a little ready for what we are facing, but we are not yet facing what the rest of the world is.
- A lot has been said about EHRs in the national EHR Standards, but an overall Cyber Security Policy for the infrastructure is absent.

To Conclude
Awareness and Sensitization is the key to Cyber Safety
- Carefully categorize and classify data about patients, hospital, staff, etc.
- Sensitize user groups who are responsible for handling digital equipment.
- Employ security audits and penetration testing of devices, networks and users.
- The next generation is going to be of Cyber Murders, and when we look back then, the question that is in the present tense today might be, "Shouldn't we have been ready?"