India ranked second in the world in cyber-attacks on healthcare systems in 2021, according to a survey produced by CloudSEK, an artificial intelligence startup that deals with cyber risks. Last year, India accounted for 7.7% of all cyber-attacks on healthcare institutions. Due to the extensive digitisation of the health sector, as well as massive investments and growth potential in the industry, the United States recorded the largest number of cyber-attacks and breaches in 2021, at 28%. Cyber-attacks on the healthcare industry increased 95.35% globally in the first four months of this year compared to the same time in 2021.
The Union Health Ministry’s Ayushman Bharat Digital Mission involves digitising patient health records for seamless paperless interchange. Each person will be assigned a health account number, and medical records will be stored online. However, cyber experts have expressed alarm about the potential misuse of holding vast amounts of digital medical records.
Shashi Tharoor, a Congress MP from Thiruvananthapuram, raised the AIIMS cyber-attack concern in the Lok Sabha on Wednesday, saying that the situation should be thoroughly examined. He further stated that these attacks illustrate our country’s lax data protection procedures, particularly by government entities. The Personal Data Protection Bill 2019 established a unique category of sensitive personal data, including health data, that required strong safeguards, but this has been eliminated in the government’s new draught bill.
As per the Ministry of Electronics and Information Technology, a new draft bill has been prepared, titled ‘The Digital Personal Data Protection Bill, 2022’ and has invited feedback from the public as part of its public consultation exercise. The draught bill outlines the rights and duties of the citizen (Digital Nagrik) as well as the Data Fiduciary’s duty to utilise the obtained data lawfully. It envisages the establishment of a Data Protection Board of India as part of the compliance framework to determine non-compliance with the provisions of the proposed bill, impose penalties for such non-compliance, and perform such other functions as the Central Government may assign to it under the provisions of the draft bill or any law.
The attack compromised several user account information and personal data of the individuals as well as several stakeholders including large pharmaceuticals and insurance companies, which is an infringement on the privacy of any citizen. However, the government is fixing the problems very lucidly while considering the Supreme Court’s judgement on the Right to Privacy given by the nine-judge bench in 2017 that accepts the Right to Privacy as a fundamental right but not an absolute right and it has separated from other existing Fundamental Rights in India..