A Critical Study on Enhancing Cybersecurity in India’s Healthcare Sector

The healthcare industry in India comprises both private and public institutions that offer essential services across urban and rural areas. This sector includes hospitals, pharmaceuticals, diagnostics, medical devices, medical insurance, medical tourism and telemedicine.  Technological advances such as Artificial Intelligence (AI) have enhanced operations and services in this industry. AI is applied in hospitals for patient management and personalized treatment plans, in the pharmaceutical sector for drug discovery and in diagnostics for accurate medical image analysis. It also supports the development of smart medical devices, aids health insurance providers in risk assessment, improves patient recruitment in clinical trials, enables virtual consultations in telemedicine and streamlines medical tourism experiences. Nevertheless, these advancements have increased the risk of cyberattacks. In 2022, nearly 1.9 million cyberattacks on healthcare facilities exposed serious cybersecurity weaknesses. These attacks often involve ransomware, denial-of-service attacks, phishing, data breaches, malware and insider threats which disrupt operations and steal sensitive data.

To protect data, India has enacted laws and regulations such as the IT Act 2000, the NCSP 2013, The IT Rules 2021 and the DPDP Act 2023. Despite these laws and policies, the healthcare sector remains vulnerable, signifying that these are inadequate. This study therefore highlights need for improved cybersecurity in India’s healthcare sector, recommending stricter law enforcement, investment in better security technology, efficient staff training to protect patient data, conducting regular security assessments and using advanced encryption techniques.