A Preventive Approach is Critical to Healthcare Cybersecurity

DR. SUSHIL MEHER,
RETIRED HEAD – IT, AIIMS

In today’s digital era, cyber threats are evolving rapidly, particularly in data-sensitive sectors like healthcare. As attackers use advanced tools to exploit vulnerabilities, organizations must stay updated and adapt quickly. India’s new Digital Personal Data Protection (DPDP) Act is a significant development, especially for healthcare, where patient data is increasingly digitalized and highly valuable—often sold for $30 to $300 on the dark web.

Originally preceded by the unimplemented DISHA law, the DPDP Act is expected to influence its finalization. The act mandates strict data protection, allowing only authorized medical personnel access to patient records. However, this introduces a critical challenge: ensuring robust cybersecurity without hampering operational efficiency, such as delaying emergency care due to access restrictions.

CIOs in healthcare are now expected to be strategic leaders, ensuring compliance, securing patient data, and integrating technology while overcoming resistance to change. With DPDP enforcement looming, organizations are preparing to appoint Chief Data Officers (CDOs) to oversee compliance, though many roles remain unfilled.

Security teams are adopting AI-powered, proactive strategies, balancing safety with seamless workflows. Healthcare providers must continuously update their skills and systems to stay ahead. As compliance becomes legally binding, the focus is on safeguarding data without disrupting care—through adaptable, security-first approaches that support both clinicians and patients.