For the United Kingdom's National Health Service, ransomware is its biggest concern. The British healthcare networks are being protected during the COVID-19 pandemic to avoid a repeat of May 2017 when WannaCry hit some of its critical health infrastructure, crippling ambulance movements, emergency services and patient appointments, and spreading panic. The United States recently learnt its lesson battling DarkSide ransomware which shut down operations of the US gas supplier Colonial Pipeline last week. The FBI has issued an alert to all its critical infrastructure to beware of ransomware attacks and reduce vulnerabilities immediately.
But Ireland hadn't learnt its lesson. The Irish healthcare system was hit by a sophisticated ransomware on May 14 forcing its IT systems to shut down in emergency. As a result, diagnostic services were hit and so were COVID-19 testing facilities and hospital appointments.
As cyber security czars around the world watched Ireland Prime Minister Micheal Martin respond, “We are very clear we will not be paying any ransom”, the Indian cyber security czars were busy analysing the chinks in the domestic healthcare IT systems to plug the gaps.
At a time when its healthcare systems are already under strain, India cannot afford to face another ransomware attack.
While the national cyber security coordinator in the National Security Council Secretariat is the nodal authority for cyber security efforts, the fresh threats lurking in the cyber space have put all agencies on alert. The pharma industry is already on alert and so are the vaccine makers. “We have already sensitized the healthcare providers and hospitals. There should be no reason to panic,'' said an official.
The Cyber Emergency Response Team which analyses the latest threats is working closely with government and private sectors to build robust mechanisms to avert and handle such threats. An official who has handled cyber attacks in the past said what can save India from a big ransomware attack is the fact that still a large chunk of the delivery of public healthcare services are offline. But that doesn’t mean India need not worry , he said. “Cyber attacks on a single hospital or network where ventilators and other Patient care systems are interlinked can create havoc,” he said.
Meanwhile, the cyber and information security division in the MHA is also on its toes. The central response to the COVID-19 pandemic is being handled by the home ministry which is coordinating with other central ministries and state governments.
''We have been trying to ensure all the networks engaged in resources management are secure,'' said a government official.
A cyber security expert, however, admitted that about 85 per cent of the technical system in the country is still weak, which benefits hackers especially at a time when people are working remotely and networks are not secure.
Ransomware attacks on India have intensified from 2018 and 2019 where the hackers first tried to extract large amounts of sensitive information before encrypting the victim's database and looking for newer targets each time.
Advocate Prashant Mali, a leading cyber and privacy lawyer in Mumbai, said many of Indian health care systems are not interlinked nor are they highly networked.
''The public healthcare systems and networks need to be secure. I do not think the big hospital chains need to worry. In the wake of any ransomeware attacks, they should disconnect the health related devices and operation theatres from the internet as well as disconnect it from internal LAN network immediately,'' he said.
Cyber security experts in the government said they have been drawing lessons from other countries time and again. They said several basic steps are important which included keeping a physical backup of all the systems in a non-connected environment.
''In India, there is not enough knowledge about cyber security and the investment is very less when it comes to putting in place secure networks. Most of the cyber attacks are a result of carelessness,'' said Khushhal Kaushik who heads a cyber security firm in Gurgaon.
