Managerial learnings from the AIIMS cyber-attack underline the urgent need for solutions that can enable the highly vulnerable healthcare organisations in India to meet acceptable cyber-security standards
On November 23, 2022, the All India Institute of Medical Science (AIIMS) New Delhi—the premier Indian national medical institute’s entire digital infrastructure collapsed due to a ransomware cyber-attack launched by Chinese hackers. Dubbed by experts as one of the biggest cyber-attacks on Indian critical infrastructure, the cyber-beach led to the compromise of sensitive medical and personal data of approximately four crore patients. On a bigger social impact scale, the breach ensured that effective digitally-driven (automated) medical care within the hospital was disrupted—much to the scare of patients and their kin. This disruption took the shape of system processes within the hospital. Processes had to be run manually—which often can't bear the time-critical patient service demand given the scarce resource (employee time and effort) supply. In this article, we state the major cybersecurity issues that plagued AIIMS—and true of most other hospitals in the country—and provide a gist of management action items to boost cybersecurity in hospital environments.
[This article has been published with permission from IIM Calcutta. www.iimcal.ac.in Views expressed are personal.]