The story of the
impressive growth of India's healthcare sector records as many challenges as
opportunities. Safe guarding data is a huge challenge as the healthcare
industry in India continues to grow in leaps and bounds.
In this digital
age, information is valued more than money. Organizations are finding ways and
means to safeguard their data, irrespective of the industry they belong to.
Medindia heard Mr. Sridhar Iyengar, Vice President - Product Management,
ManageEngine (division of Zoho Corp)
elaborate on the challenges
faced by the healthcare industry in India while detecting and preventing data
Q. How serious are the breach
events in the healthcare industry that call for urgent measures to keep
information security threats at bay?
Healthcare is a major industry where data
protection is of paramount importance, because it not only involves the
interests of the hospital as an organization but most importantly the lives of
its patients. Information is so critical that it cannot be left for easy access
because hospital is one place where you have a lot of transitory population.
First, if the patient information is stolen via breach, the entity loses its
reputation and the patients sue for compensation, which would cost many times
more than setting up an IT security management infrastructure. Apart from that,
the hacker usually sells the information, further complicating the issue.
Increased adoption of cloud computing and virtualization in the
healthcare industry has resulted in an explosion of data center operations
across the globe. This trend creates multiple challenges for data center
administrators in IT organizations. Virtualization with increased reliance on
remote access itself creates the biggest challenge for information security.
With a variety of people, including insiders (system/network administrators,
engineers, and technicians) having privileged access and trusted outsiders like
contractors requiring remote access, it has to be fully controlled, properly
managed, and closely monitored.
Q. Please explain some challenges faced by
healthcare industry while manually analyzing huge data?
The challenge of manually analyzing data starts
with data collection. In the healthcare industry, there is no limit on the data
collected, ranging from the patients' history and medication to hospital
facilities, infrastructure, and the like. When it comes to IT security,
collecting log data from heterogeneous sources to a central place can be a
daunting task for most IT administrators.
To analyze the log data generated during each transaction for relevant security and business intelligence
is a humongous task. Hence, manually analyzing large volume of data is not
possible, and it is more prone to errors. It may take weeks to months to
analyze a day's data! Secondly, analyzing the log data manually doesn't adhere
to global compliance norms. Generating insightful reports, dashboards, and
graphical formats in order to make the log data
more meaningful for auditing purpose and other purposes is not possible
with manually analyzing huge data. Searching the root cause of a network
problem or spotting a pattern in events is impossible with manual processes.
Tracking for suspicious user behaviordata thefts, outages, and system crashes
can be caused by the most trusted employees, and users who have privileged
access to business-critical applications, devices, systems, and files need
automation in log analysis.
Q. Can you outline some trends
in Security Information and Event Management (SIEM)?
The Healthcare sector in the US needs to comply
with HIPAA, now HITECH (Health Information
Technology for Economic and Clinical Health)
, thus making the adoption of SIEM solutions mandatory. This will
continue to be the driving factor for the growth of SIEM market in the US, and
other developed countries. Need to comply with global industry standards in the
healthcare industry will further trigger the need for SIEM solutions in the
With growing network security threats and increasing complexity in IT
management, SIEM is becoming the need of the hour. In general, regulatory compliance and threat monitoring are the
important driving factors for SIEM adoption in India. According to an
industry report, the growing demand for SIEM adoption in India is high in
healthcare and pharmaceutical, next to BFSI (Banking, Financial services and
Insurance) and telecom.
There is an increasing push for SIEM in enterprises and mid-sized companies.
With a greater spur of startups in India, it is expected that the startups in
healthcare and allied healthcare industries will embrace SIEM in the near
Q. Ensuring security and
privacy in healthcare environments is a matter of global concern.
Tell us some challenges that are India-specific in this field and how do
you plan to overcome them?
In the US, the healthcare industry is better
organized. The hospitals, clinics, and insurance companies are closely knit.
Privacy and control of data transaction is top priority. The European Union
countries are catching up with this. In India, it is still at a nascent stage.
Unlike in the US, in India the hospitals and insurers are loosely coupled and
everything is paper-documented. Cashless medication and treatment is very less
compared to direct cash. But we are seeing that compliances like HIPAA and
PCI-DSS are catching up in India at a good pace. Like the developed countries,
we are expecting the government to make such compliances mandatory so the hospitals
can ensure that the customer's data is secure.