Pharma data breaches should stop once data protection law comes into force
Na Vijayshankar reports:
Three major cyber attacks in the Indian pharma industry in the last few months have left people wondering whether there is a pattern indicating the reason for this spurt. First was the Breach Candy Hospital one in February 2020 where over 121 million medical records were compromised. Of these, 120 million were images stored in the Digital Imaging and Communications in Medicine system consisting of X-rays, scan reports, etc. One million records contained Aadhaar information, medical history, etc. The data breach reportedly occurred because the access system of the hospital was compromised. Though this was an alarming data breach, the matter was hushed up and there was no apparent investigation by the Indian Computer Emergency Response Team (CERT-IN) or any further announcements in the media.
Hushed up or downplayed, indeed. That is a big breach and it never showed up in any of this site’s news searches. This is the first this site is learning about that one.
In October 2020, Dr Lal PathLabs reported a data breach of millions of records because their Cloud records reportedly did not have a password for access. Again, this was brushed under the carpet and no action was initiated by CERT-IN.
More recently, Dr Reddy’s Laboratories, which was testing a Covid vaccine from Russia, was attacked. Questions must be asked whether the lack of prompt action by CERT-IN earlier emboldened the criminals to continue their attacks on these pharma companies, which are soft targets holding highly valuable data assets.
Read more on IndiaLegal. The author offers an informed perspective on what a constructive approach to reducing breaches in this sector might look like.