Pre-cum-Mains GS Foundation Program for UPSC 2026 | Starting from 5th Dec. 2024 Click Here for more information
Contents
Source: This post on the ICMR data breach has been created based on the article “Thieves & Servers” published in The Times of India on 2nd November 2023.
UPSC Syllabus Topic: GS Paper 3 Internal Security – Basics of cyber security.
News: This article discusses the recent breach of healthcare data with the ICMR.
A detailed article on Cybersecurity in India can be read here.
What are the different types of cyber data breaches?
1) Hacking: Unauthorized access to computer systems, networks, or databases by exploiting vulnerabilities.
2) Malware attack: Malicious software infects systems to steal data, damage files, or gain unauthorized access.
3) Ransomware attack: Malware encrypts a victim’s data, demanding a ransom for giving access.
4) Phishing: Attackers use deceptive emails or messages to trick individuals into revealing sensitive information or clicking on malicious links.
5) Physical Theft or Loss: Breach occurs when physical devices like laptops or storage media are lost or stolen.
6) Distributed Denial of Service (DDoS): Overwhelming a network or website with traffic to disrupt services and potentially expose vulnerabilities.
What is the recent incident of health data cybersecurity breach?
Last month a server breach in ICMR led to the leaking of personal information of about 81 crore Indians, who had taken COVID vaccines. This data was put on auction on the dark web.
This is the third time that healthcare system servers were breached. The government had informed the Parliament that there was a leak of CoWIN data in June. Prior to that, there was a ransomware attack at AIIMS, Delhi.
More on Indian Council of Medical Research (ICMR) can be read here.
What do these incidents indicate?
1) Vulnerabilities in the Digital Architecture: The repeated breaches of healthcare data reflect the challenge faced by the digital architecture.
2) Sensitive nature of Health Data: Health data contains personal information, medical history, and sometimes even genetic information. It is considered highly sensitive. Hence, it has been a key target for ransomware and extortion.
3) State-Sponsored Espionage: Countries may target health data to gain insights into the spread of diseases or identify vulnerabilities in healthcare infrastructure for strategic purposes.
4) Financial Gain: Stolen health data can be used for medical identity theft or insurance fraud.
5) Issues with Data Protection Laws: Data protection law provides sweeping exemptions to the government which influences the approach to cybersecurity. Government agencies might focus on priorities which could be tilted towards data collection and surveillance, rather than data protection and privacy.
How does India’s digital health infrastructure work?
As part of the National Digital Health Mission, India’s digital health infrastructure consists of 4 key features:
1) Health ID
The national health ID will be a repository of all health-related information of every Indian. The Health ID is voluntary and applicable across states, hospitals, diagnostic laboratories and pharmacies
2) Personal health records
3) Digi Doctor
The Digi Doctor option will allow doctors from across the country to enroll and their details will be available here. These doctors will also be assigned digital signatures which can be used for writing prescriptions.
4) Health facility registry
5) At a later stage, it will also include e-pharmacy and telemedicine services.
India’s digital health infrastructure works on the principle of federated architecture, which means that information flows between all stakeholders in the healthcare universe but doesn’t get centrally stored.
However, it could mean that the risks of a data breach can be magnified. A World Bank study of ABDM said health insurers can access patient data simply because they are in the ecosystem and use the information to hike premiums.
A detailed article on Ayushman Bharat Digital Mission (ABDM) can be read here.
What needs to be done?
1) Stricter oversight: Governments need stricter oversight on security.
2) Accountability towards people: They need to be more accountable to people whose data has been leaked.
Question for practice:
India’s ambitious projects regarding digitization of healthcare offer immense opportunities but are riddled with various cybersecurity challenges. Discuss.