The healthcare industry has become increasingly reliant on technology to manage patient data, monitor medical devices, and deliver remote care. However, this reliance on digital systems has also increased the risk of cybersecurity breaches, leaving sensitive patient information vulnerable to theft or misuse. The healthcare sector suffered about 337 breaches in the first half of 2022 alone, according to Fortified Health Security’s mid-year report. More than 19 million records were implicated in healthcare data breaches in the year’s first six months. What’s more, IBM’s annual “Cost of a Data Breach” report showed that the average cost of a healthcare data breach is now $10.1 million per incident, signifying a 9.4 percent increase from its 2021 report.
Why is healthcare a prime target for cybercriminals?
The healthcare industry is a prime target for cybercriminals due to the vast amount of sensitive information and protected health information (PHI) it holds, including medical records, insurance information, and personal identifiers like social security numbers. This information is highly valuable on the black market, where cybercriminals can sell it for a high price.
Moreover, patient data is often more valuable than credit card information or other types of personal data because it can be used for a wide range of fraudulent activities. For example, a cybercriminal who gains access to a patient’s medical records can use that information to commit insurance fraud, obtain prescription drugs illegally, or even threaten the patient’s safety. Additionally, medical records can include highly personal and sensitive information that patients may not want to be made public, which can cause significant emotional harm if exposed.
Healthcare organizations are often more vulnerable to cyberattacks due to a lack of investment in cybersecurity or a lack of awareness about the importance of cybersecurity. They are focused on providing high-quality care to patients, and cybersecurity may not be a priority for them. This can make them easy targets for cybercriminals who are looking for vulnerabilities in their systems.
Common threats to healthcare cybersecurity
There are several common threats to healthcare cybersecurity that healthcare providers should be aware of. These include:
Ransomware: Ransomware is a type of malware that encrypts data on a system, making it inaccessible until a ransom is paid to the attacker. These attacks on healthcare providers have increased dramatically in recent years, with cybercriminals targeting everything from small clinics to large hospital networks.
Phishing attacks: Phishing attacks are fraudulent emails or messages that appear to come from a legitimate source but contain malicious links or attachments. If an unsuspecting employee clicks on the link or opens the attachment, it can infect the entire system with malware or give attackers access to sensitive data.
Insider threats: Insider threats occur when employees intentionally or unintentionally expose sensitive data. This includes employees who mishandle patient information, accidentally download malware, or steal data for personal gain.
Third-party breaches: Third-party breaches occur when a vendor or partner is compromised and exposes patient data. Healthcare organizations often work with a wide range of vendors, from software providers to medical device manufacturers, and each of these vendors presents a potential vulnerability in the system.
Unsecured IoT devices: The Internet of Things (IoT) has become increasingly popular in the healthcare sector, with devices such as medical wearables and remote monitoring tools being used to manage patient care. However, these devices can also present security risks if they are not properly secured, as they can provide an entry point for cybercriminals to access the larger system.
Supply chain attacks: Supply chain attacks occur when attackers compromise a supplier or vendor and use that access to infiltrate the larger system. This type of attack can be particularly devastating in healthcare, where a single compromised vendor could expose patient data across multiple healthcare providers.
These threats are just a few of the many cybersecurity risks facing healthcare providers today. To protect patient data, healthcare organizations must be vigilant in monitoring their systems for suspicious activity and implementing best practices for data security.
Unstructured data: The root cause of security breaches
Every second, a vast amount of healthcare data is generated and mined for valuable insights. Today, approximately 30% of the world’s data volume is being generated by the healthcare industry. By 2025, the compound annual growth rate of data for healthcare will reach 36%. That’s 6% faster than manufacturing, 10% faster than financial services, and 11% faster than media & entertainment.
Data is one of the most important assets every business owns. But challenges arise when the majority of this data is unstructured. According to Gartner, 80 to 90 percent of data generated today is unstructured. To make things worse, only 12% of this data is analyzed. Unstructured data is a type of data that is not easily searchable or organized, such as handwritten notes, voice recordings, images, and other types of media. This causes data sprawl: in short, data over which you have no visibility or knowledge and which you therefore cannot act on or put to use.
In healthcare, data sprawl is a significant challenge due to the vast amount of data generated by healthcare providers, patients, and medical devices. Unstructured data in healthcare can include medical notes, imaging studies, lab reports, and other forms of patient data. The use of unstructured data is prevalent in healthcare, as many healthcare providers use electronic health record (EHR) systems that allow for the capture and storage of different types of data. The use of unstructured data in healthcare can raise the risk of security breaches for several reasons.
Lack of Standardization: Categorizing and labeling unstructured data accurately can be challenging due to the lack of standardization, leading to data inconsistencies and confusion. This, in turn, can result in security vulnerabilities and data breaches.
Storage Complexity: Unstructured data is stored in various locations and formats, making it harder to track and protect. This can create vulnerabilities in the system, increasing the risk of data breaches and other security threats.
Access Control Challenges: Unstructured data can be accessed by anyone who has access to the system, increasing the risk of unauthorized access and data breaches. This can be particularly problematic in healthcare, where patient data is highly sensitive and confidential.
Difficult to Monitor: Monitoring and auditing unstructured data for security purposes can be complex, making it harder for healthcare organizations to detect and respond to security threats promptly. This can result in increased risks of security incidents and data breaches.
Difficulty in Identification: Unstructured data can contain sensitive information that is not easily identifiable, making it more challenging to detect cybersecurity threats, such as phishing attacks or malware infections. This is because the data may not be easily searchable or may be located in different parts of the healthcare organization’s network. For example, handwritten notes may contain personal health information that is not easily searchable, but can still be accessed by unauthorized individuals if the notes are not stored securely.
Vulnerabilities to Malware: Unstructured data is more susceptible to malware attacks, as many malware types can easily exploit vulnerabilities in unstructured data. This can lead to data breaches and other security incidents, further increasing the risk of security breaches in healthcare.
Compliance Issues: Healthcare organizations are subject to various regulations, such as HIPAA, that require them to protect patient data. Unstructured data can make it difficult to comply with these regulations, as it may be more challenging to ensure that all patient data is properly secured.
Overall, healthcare organizations must take steps to ensure that unstructured data is properly secured and managed to mitigate the cybersecurity risks associated with it. The first step is to identify, categorize, tag and index data according to its age, use and ownership. Characteristics such as file ownership, the processes or departments that are the largest consumers of data, when files were created, when files were last accessed, and file type and size are just some of the data points captured and provided for reporting and decision making.
This insight is valuable for identifying security vulnerabilities, such as files or folders that have broad or universal access, and it also provides insight into trends based on users or business units. In most enterprises, when employees leave, their “orphaned data” continues to reside in the same storage as when they were active employees. The orphaned data in most organizations eventually becomes a compliance challenge, as there is no owner for these files. Depending on the content, those files can present a potential exposure risk. Most environments have a large percentage of files that have not been touched since 30 days after creation. This leads to massive sprawl on expensive primary storage without real value. As such, understanding the age and last access times of your files provides a means to clean up and tier enterprise data to lower-cost storage, be it local or in the cloud.
This is exactly what metadata analytics does.
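As an added illustration (not code from the article or from any product it refers to), the example below collects the file metadata described above and flags broad access, orphaned ownership and idle files without opening file contents. It assumes a POSIX filesystem, treats world-readable or world-writable mode bits as "broad or universal access", and takes the set of active user IDs as input; the function names and flag labels are hypothetical.

```python
import os
import stat
import tempfile
import time

DAY = 86400


def scan_metadata(root, active_uids, stale_days=30, now=None):
    """Flag files by metadata only (contents are never opened)."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of root
            except OSError:
                continue  # file vanished or is inaccessible; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            # atime is unreliable on noatime/relatime mounts, so use the later
            # of atime and mtime as the "last touched" time.
            days_idle = int((now - max(st.st_atime, st.st_mtime)) // DAY)
            flags = []
            if st.st_mode & stat.S_IROTH:
                flags.append("WORLD_READABLE")  # broad or universal access
            if st.st_mode & stat.S_IWOTH:
                flags.append("WORLD_WRITABLE")
            if st.st_uid not in active_uids:
                flags.append("ORPHANED")  # owner is not an active user
            if days_idle >= stale_days:
                flags.append("STALE")  # candidate for cleanup or a cheaper tier
            if flags:
                findings.append({"path": path, "uid": st.st_uid,
                                 "size": st.st_size, "days_idle": days_idle,
                                 "flags": flags})
    return findings


def demo():
    """Constructed sample tree: an open, idle file and a private, recent one."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode, age_days in (("notes.txt", 0o644, 90),
                                     ("labs.csv", 0o600, 0)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
            touched = time.time() - age_days * DAY
            os.utime(path, (touched, touched))  # simulate last-touched time
        found = scan_metadata(root, active_uids={os.getuid()})
        return {os.path.basename(f["path"]): f["flags"] for f in found}


if __name__ == "__main__":
    print(demo())
```

In practice the set of active UIDs would come from the directory or HR system of record, and the findings would be loaded into the metadata repository rather than printed.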
The Role of Metadata Analytics in Fortifying Enterprise Security
Metadata analytics is the process of analyzing metadata, which is data that provides information about other data. It includes information such as the date and time a file was created, the author of a document, the location of a file, and the file format. Metadata analytics involves using specialized software tools to extract and analyze this information to gain insights into how data is being used within an organization.
One of the main benefits is that it can help organizations better understand their data and how it is being used. For example, metadata analytics can be used to identify patterns in data access and usage, which can be used to improve data governance and security. It can also be used to identify data that is redundant or outdated, which can help organizations reduce storage costs.
Another key benefit is that it can be used to improve search and retrieval of data. By analyzing metadata, organizations can create more accurate and efficient search algorithms, making it easier for users to find the data they need.
There are several types of metadata analytics that can help fortify enterprise security. Here are a few:
| Type | Description |
| --- | --- |
| Technical metadata analytics | Focuses on technical information about data, such as file format, file size, data type, data schema, and data source |
| Descriptive metadata analytics | Focuses on descriptive information about data assets, such as title, author, subject, and external keywords. Typically used for data discovery and search. |
| Administrative metadata analytics | Focuses on information related to data asset management, such as top-level access permissions, file ownership, the largest consumers of data, version control, and retention policies |
| Usage metadata analytics | Focuses on information about how data assets are used, such as frequency of access, duration of use, and user feedback |
7 steps to get started
Healthcare enterprises should approach metadata analytics as a strategic initiative that requires careful planning, investment in tools and technology, and a commitment to ongoing data governance and quality improvement. Here are 7 steps to get started:
Define goals and objectives: The first step is to identify the specific goals and objectives of the metadata analytics initiative. These could include improving data quality, optimizing clinical workflows, enhancing patient outcomes, or reducing costs.
Identify data sources: Next, identify the sources of data that will be used for the analysis. This could include electronic health records (EHRs), claims data, lab data, or other sources.
Develop a metadata strategy: A metadata strategy is a plan for organizing and managing metadata to support the goals and objectives of the analytics initiative. This should include defining data models, data dictionaries, and metadata standards.
Implement metadata management tools: There are a variety of metadata management tools available that can help healthcare enterprises automate the process of collecting, managing, and analyzing metadata. These tools can help to streamline the metadata analytics process and improve the accuracy and completeness of the metadata.
Build a metadata repository: A metadata repository is a centralized database that stores metadata for use in analytics. It is important to build a repository that is scalable and flexible, so that it can accommodate new data sources and evolving analytical needs.
Analyze the metadata: Once the metadata repository is established, healthcare enterprises can begin to analyze the metadata to gain insights into the quality of their data, identify patterns and trends, and optimize clinical workflows.
Implement data governance processes: Finally, it is important to establish data governance processes to ensure that the metadata analytics initiative is aligned with organizational goals and objectives, and that data is managed in a secure and compliant manner.
Overall, data sprawl and cyber security challenges in the healthcare industry are real threats that need to be addressed. By implementing a unified data management platform, organizations can better protect their sensitive data and reduce the risk of becoming victims of malicious attacks.