The story of the impressive growth of India's healthcare sector records as many challenges as opportunities. Safe guarding data is a huge challenge as the healthcare industry in India continues to grow in leaps and bounds.
In this digital age, information is valued more than money. Organizations are finding ways and means to safeguard their data, irrespective of the industry they belong to. Medindia heard Mr. Sridhar Iyengar, Vice President - Product Management, ManageEngine (division of Zoho Corp) elaborate on the challenges faced by the healthcare industry in India while detecting and preventing data breaches.
AdvertisementQ. How serious are the breach events in the healthcare industry that call for urgent measures to keep information security threats at bay?
A. Healthcare is a major industry where data protection is of paramount importance, because it not only involves the interests of the hospital as an organization but most importantly the lives of its patients. Information is so critical that it cannot be left for easy access because hospital is one place where you have a lot of transitory population. First, if the patient information is stolen via breach, the entity loses its reputation and the patients sue for compensation, which would cost many times more than setting up an IT security management infrastructure. Apart from that, the hacker usually sells the information, further complicating the issue.
Increased adoption of cloud computing and virtualization in the healthcare industry has resulted in an explosion of data center operations across the globe. This trend creates multiple challenges for data center administrators in IT organizations. Virtualization with increased reliance on remote access itself creates the biggest challenge for information security. With a variety of people, including insiders (system/network administrators, engineers, and technicians) having privileged access and trusted outsiders like contractors requiring remote access, it has to be fully controlled, properly managed, and closely monitored.
Q. Please explain some challenges faced by healthcare industry while manually analyzing huge data?
A. The challenge of manually analyzing data starts with data collection. In the healthcare industry, there is no limit on the data collected, ranging from the patients' history and medication to hospital facilities, infrastructure, and the like. When it comes to IT security, collecting log data from heterogeneous sources to a central place can be a daunting task for most IT administrators.
To analyze the log data generated during each transaction for relevant security and business intelligence is a humongous task. Hence, manually analyzing large volume of data is not possible, and it is more prone to errors. It may take weeks to months to analyze a day's data! Secondly, analyzing the log data manually doesn't adhere to global compliance norms. Generating insightful reports, dashboards, and graphical formats in order to make the log data more meaningful for auditing purpose and other purposes is not possible with manually analyzing huge data. Searching the root cause of a network problem or spotting a pattern in events is impossible with manual processes. Tracking for suspicious user behaviordata thefts, outages, and system crashes can be caused by the most trusted employees, and users who have privileged access to business-critical applications, devices, systems, and files need automation in log analysis.
Q. Can you outline some trends in Security Information and Event Management (SIEM)?
A. The Healthcare sector in the US needs to comply with HIPAA, now HITECH (Health Information Technology for Economic and Clinical Health), thus making the adoption of SIEM solutions mandatory. This will continue to be the driving factor for the growth of SIEM market in the US, and other developed countries. Need to comply with global industry standards in the healthcare industry will further trigger the need for SIEM solutions in the developing economies.
With growing network security threats and increasing complexity in IT management, SIEM is becoming the need of the hour. In general, regulatory compliance and threat monitoring are the important driving factors for SIEM adoption in India. According to an industry report, the growing demand for SIEM adoption in India is high in healthcare and pharmaceutical, next to BFSI (Banking, Financial services and Insurance) and telecom.
There is an increasing push for SIEM in enterprises and mid-sized companies. With a greater spur of startups in India, it is expected that the startups in healthcare and allied healthcare industries will embrace SIEM in the near future.
Q. Ensuring security and privacy in healthcare environments is a matter of global concern. Tell us some challenges that are India-specific in this field and how do you plan to overcome them?
A. In the US, the healthcare industry is better organized. The hospitals, clinics, and insurance companies are closely knit. Privacy and control of data transaction is top priority. The European Union countries are catching up with this. In India, it is still at a nascent stage. Unlike in the US, in India the hospitals and insurers are loosely coupled and everything is paper-documented. Cashless medication and treatment is very less compared to direct cash. But we are seeing that compliances like HIPAA and PCI-DSS are catching up in India at a good pace. Like the developed countries, we are expecting the government to make such compliances mandatory so the hospitals can ensure that the customer's data is secure.