AN EVIDENCE-BASED INVESTIGATION OF CERT-IN'S REPORTING ON CYBER-THREATS IN HEALTHCARE SECTOR
DOI:
https://doi.org/10.18316/rcd.v16i42.11694
Keywords:
Cyber-attacks; Healthcare; threat landscape; Governance; Incident Reporting; Administration; CERT-In
Abstract
The pandemic underscored the significance of a digital health system, and the healthcare sector has since become one of the most important infrastructures. Digital health is undoubtedly the ultimate way to ensure accessibility, inclusiveness and delivery of healthcare services in an affordable and efficient manner. However, the rising cyber-threat is one of the biggest concerns for healthcare organizations. The data breach incidents affecting the Indian Council of Medical Research and the Covid-19 vaccine database in 2023 highlight the urgent need to address the issue. To mitigate such incidents, India has established the Computer Emergency and Response Team (CERT-In), which has been given primary responsibility to prevent, treat, respond to and report such threats. Although CERT-In is responsible for reporting any cyber-incident, there is no information concerning the affected organizations or the frequency and severity of such cyber-incidents. It is doubtful how any authority is supposed to respond in the absence of data, or how policy makers can formulate a comprehensive framework to deal with the issue. CERT-In faces challenges in accurately reporting cyber incidents: its reports contain discrepancies compared to other organizations' data and lack detailed incident information. This research aims to analyze government records and secondary sources to understand the cyber-threat landscape, particularly in the healthcare industry. Using normative and comparative methods, it suggests measures that CERT-In can adopt, based on assessments of U.S. and E.U. reporting practices. The findings stress the need for improved reporting practices and transparency in cybersecurity assessments to enhance data accuracy and completeness, urging policymakers and stakeholders to take action against cyber threats.
License
Copyright 2024 Niharika Raizada, Mamata Biswal
This work is licensed under a Creative Commons Attribution 4.0 International License.
As recommended by the Public Knowledge Project, RCD adopts a CREATIVE COMMONS license for its articles: Attribution CC BY 4.0
This license allows others to distribute, remix, adapt and build upon your work, even for commercial purposes, as long as they credit you for the original creation.
This is the most suitable license offered.
Recommended for maximum dissemination and use of licensed materials.