Threats posed by China-based hackers to healthcare facilities at a time when the COVID-19 vaccine rollout has begun has put cyber intelligence agencies on alert. A Singapore-based cyber intelligence firm reportedly found Chinese hackers targeting databases of Indian COVID-19 vaccine makers.
While there is no official word confirming the threat, security officials said with India emerging as a leading vaccine manufacturer, threats from China-based hackers to critical healthcare facilities are real and cannot be easily dismissed.
Cyber experts are now demanding that healthcare and COVID-19 vaccine manufacturers should be declared critical infrastructure by the National Critical Information Infrastructure Protection Centre (NCIIPC), the national nodal agency to protect critical infrastructure and databases in the country.
“Tight firewalls and cyber security protocols are in place to protect the IT systems of Indian vaccine makers, but more steps need to be taken for cyber security,” said an official.
The NCIIPC functions under the National Technical Research Organisation (NTRO), and safeguards core sectors such as banking, telecom, transport, power and energy, government, public and private strategic enterprises against cyber terrorism, cyber warfare and other threats.
“The threats from cyber attacks to healthcare facilities, especially during the pandemic, have risen,” said a senior government official. After the vaccine rollout, the concerns have only increased, the official said.
According to advocate Prashant Mali, hacking systems of vaccine manufacturers and changing the formulation to make it ineffective or lethal is the greatest threat the vaccine manufacturers are presently facing.
According to Mali, the vaccine makers are also vulnerable to IP theft by China and other countries or state-sponsored hackers. “Imagine a scenario when system gets locked by some ransomware during peak vaccine production. This will put all estimates of vaccination in limbo and effect the economy too,” he said.
It may be recalled that earlier the Aadhaar database was said to be facing cyber threats and the NCIIPC stepped in to carry out the threat analysis and counter it effectively.
The NCIIPC gets hold of any infected systems to carry out forensic analysis to understand the possible origin, modus operandi and scope of the cyber attacks.
The COVID-19 pandemic has kept the cyber intelligence community on its toes and the NCIIPC has been busy issuing advisories to government, public and private strategic units, asking them to identify all critical functions and delivery of services operationalised by the government.
All government, private and public strategic units had been asked to carry out risk assessments, protect applications and data from large-scale cyber attacks and prioritise cyber security.
However, officials in cyber units of both central and state police forces said cyber security is still not a priority area for many, especially in healthcare, and not enough investment is being made in the field which continuously poses a risk to the critical functions of delivering services.