DHN Forum Mumbai Spotlights Effective Ways Fortifying Defense Amid Rising Healthcare Cyberattacks

From continuous risk assessment to cyber resiliency, the panel discussion at DHN Forum Mumbai underscored the multifaceted nature of cybersecurity in healthcare.

As the Indian healthcare industry embraces digital transformation, a crucial panel discussion at the recent DHN Forum Mumbai highlighted the escalating cybersecurity threats plaguing the sector.

The DHN Forum Mumbai, held at the Taj Land’s End in Bandra, brought together key stakeholders in the healthcare and technology sectors to discuss the crucial topic of cybersecurity and risk management in the age of digital health transformation.

The panel discussion, titled "Advancing Cybersecurity & Managing Risk in the Age of Digital Health Transformation," featured prominent experts including Kumar KV, CIO of Narayana Health; Dr Makarand Sawant, VP-IT of Sahyadri Hospitals; Ganesh Chellappa, head of Support Services – PAM, ManageEngine; and Vijay Pawar from Dell Technologies.

Aravind Sivaramakrishnan, CIO of Karkinos Healthcare, moderated the session.

Key Takeaways

The Importance of Continuous Risk Assessment

Dr Sawant emphasized a structured approach to risk management, outlining three critical pillars: people, processes, and technology.

He identified people as the weakest link, highlighting the need for continuous education to mitigate external threats.

"A lot of education will have to go into making employees understand that casual approaches towards external communications can lead to major breaches," Dr Sawant noted.

He also underscored the importance of continuous risk assessment, advocating for quarterly evaluations to stay ahead of evolving threat vectors.

Cyber Resiliency: A Shift from Prevention to Recovery

Pawar of Dell Technologies discussed the evolution from traditional cybersecurity to cyber resiliency.

He argued that the focus should not only be on preventing attacks but also on ensuring recovery capabilities in the event of a breach.

"The objective of cybersecurity has shifted from 'what if' to 'when' an attack happens. Organizations must be equipped with solutions to recover data," Pawar stated.

He stressed the importance of a solid foundation for cyber recovery and data protection, noting that many organizations are not yet confident in their ability to recover from breaches.

Layered Cybersecurity Approach

Ganesh Chellappa from ManageEngine advocated for a layered approach to cybersecurity, emphasizing the need for comprehensive solutions that cover various aspects of an organization's infrastructure.

He highlighted three core pillars: cybersecurity, compliance, and automation.

"If you can authorize and authenticate any interaction happening between users, devices, networks, applications, and data, you have significantly reduced the cyber attack surface," Chellappa explained.

He also pointed out the importance of security frameworks like zero trust and least privilege models.

Financial Implications and Board-Level Conversations

Kumar KV from Narayana Health discussed the financial implications of cybersecurity breaches, particularly in light of new regulations.

He pointed out that significant fines, such as the INR 250 Cr penalty stipulated by the DPDP, necessitate board-level conversations and strategic planning.

"The first thought of even getting fined for INR 250 crores is daunting. It shows the seriousness of the government about data breaches," Kumar said.

He outlined a roadmap involving understanding data collection needs, implementing appropriate controls, and continuous improvement to mitigate risks over 18 to 24 months.

Practical Advice for Organizations

When asked about the criteria for selecting cybersecurity vendors, both Pawar and Chellappa provided practical advice.

Pawar recommended focusing on modernizing data protection with zero trust architecture and ensuring data immutability to prevent cybercriminals from targeting backup infrastructures.

Whereas, Chellappa advised looking for vendors who offer comprehensive cybersecurity ecosystems and prioritize security hygiene through continuous staff training.

Emphasis on the Human Factor

Additionally, Dr Sawant and Kumar KV both emphasized the critical role of the human factor in cybersecurity.

Dr Sawant highlighted the need for ongoing training for healthcare staff, who come from diverse backgrounds and have varying levels of technological proficiency.

"Training and orientation are crucial, given that healthcare staff are both blue-collared and white-collared, with different priorities and backgrounds," Dr Sawant said.

Kumar KV added that understanding the specific problems organizations are trying to solve, rather than focusing solely on product features, is key to effective cybersecurity.

Conclusion

The panel discussion at DHN Forum Mumbai underscored the multifaceted nature of cybersecurity in healthcare.

As digital health transformation accelerates, continuous risk assessment, a shift towards cyber resiliency, a layered approach to security, and a strong emphasis on human factors and organizational culture are essential.

The insights provided by the panelists offer a roadmap for healthcare organizations to navigate the complex landscape of cybersecurity and manage risks effectively.

By focusing on these strategies, healthcare providers can not only protect sensitive patient data but also build trust and resilience in their digital infrastructures, ensuring a secure future in the age of digital health transformation.