Recently, an exclusive report from The Economic Times has unveiled that almost one million medical files of Indian patients were openly accessed online. With zero security measures for the privacy of sensitive details like patients’ names, addresses, date of birth, mobile numbers, Identification numbers, ailment types, physician details et al, a couple of reputed hospitals and medical centers have to answer many questions related to data privacy. Besides, X-ray reports, MRI reports and scan test results were also easily accessed which includes both patients’ and doctors’ details, who have referred and reviewed the cases. The servers on which these records were stored were highly vulnerable to unauthorized access. The research team of The Economic Times even found easy access to a web portal link which allowed access and download of medical images and reports. The IT systems clearly lacked authentication mechanisms while giving access to sensitive data. DICOM (Digital Imaging and Communications) is a kind of file format that is used in the medical industry to store and share medical images. These images are saved in PACS (Picture Archiving and Communications System) server, which allows easy access to the medical files. In the above incident, there were no security measures adopted to protect the privacy of sensitive data. PACS server didn’t have any credentials to authorize the users who are accessing it to read or download medical files.

How can we reinforce data privacy?

The digital transformation which is happening in every industry including the medical sector can be jeopardized if IT security aspects are not taken care of. Today, organized cybercriminals are leaving no stone unturned from where they can steal data and reap monetary benefits through various illegal means. In cyberspace, there has been constant news of data breach and data misuse. Hence, there is an increasing need to have stringent guidelines and IT security framework to protect the integrity of confidential data.

Regulatory framework

The Personal Data Protection (PDP) Bill introduced by the Government of India recently, is a step towards Data Privacy and Data Security. The bill envisages a certain framework which ensures that the processing of any personal public data should be secured from any kind of compromise and maintain Indian citizens’ data integrity and security. In addition to the Reserve Bank of India Circular on Information Security, there are other global regulatory standards such as the GDPR and HIPAA that calls for seamless monitoring and controlling of end-users access to confidential information. Bottom Line: It's time for the medical industry, which is expected to suffer data breaches worth $4 billion in 2020 (as per research by HIPAA journal) to take adequate and immediate steps towards digital security and maintain data privacy of the patients and doctors. Check here : How ARCON | PAM is compliant to HIPAA Regulatory Standards.

ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Endpoint Privilege Management mitigates risks arising out of endpoints. ARCON | Secure Compliance Management is a vulnerability assessment tool.