As little as five percent of pharmaceutical companies have secure cybersecurity systems, an expert in the field said at a recent forum.
Sal Krishna, chairperson of the Global Cybersecurity Forum, said between five and ten percent of pharmaceutical companies in India possess the security systems needed to protect data from hackers. Many, he added, do not know if a hack has occurred until around six to eight months after the fact. The news comes at a time when weaknesses in the security of digital health data in India have been coming to light.
“If a company is researching and creating a particular medicine composition for years, a hacker can steal the data or formula and sell it in black market,” Krishna said at the event in Hyderabad which was supported by the Telangana state government. “Most companies are still running traditional machinery. The machinery responsible for manufacturing the drug is connected to computing systems.
“If the server of the manufacturing plant is hacked, not only the whole plant will be affected, there can be a malfunction in the critical functioning of the plant. The hacker can change the critical drug composition, which can be a huge threat. Current systems don’t have security control and visibility in place to immediately detect the attack and respond on a real-time basis.”
The pharmaceutical sector is not the only part of Indian healthcare where flaws in cybersecurity systems leaves valuable and, oftentimes, sensitive data vulnerable. 76 percent of medical practitioners in India use digital health records, yet a number of incidents have called into question how secure individuals’ health data is. Recently, 68 lakh medical records were stolen from a healthcare database by hackers whilst, earlier this year, a security breach led to the records of 12.5 million pregnant women being publicly accessible. As such, all quarters of the healthcare sector in India need to be vigilant when it comes to cybersecurity and take steps to make sure that valuable data – be it research and development or patient information – is kept safe.