Security for health infrastructure


Why information security for the healthcare industry?

The recent cyberattack at AIIMS, New Delhi highlights the need to look at the healthcare industry in terms of cybersecurity. The extensive adoption of electronic systems for medical health records and related workflows has created large pools of sensitive and protected health information. Information security needs to be deeply integrated with business strategy and direction. Hospitals and health systems are required to have necessary and robust cybersecurity measures in order to identify, triage, respond to and report breaches and intrusions. Cybersecurity incidents not only bring workflows at an institute to a halt, but also affect patients' trust in the delivery of care. Disruption of IT systems can also lead to mortality events, as medical records and diagnostic technology might be inaccessible across the network.

To date, there is not enough clarity available through official channels about the AIIMS incident. While it was initially reported to be a ransomware attack, no specific updates have been made available about system recovery or the impact on workflows at the hospital. This also brings up the need to have an information security and cybersecurity practice.

Risks and risk mitigation

The specific risks to businesses will differ marginally across service providers and the healthcare chain. From a general perspective, a cyberattack on a healthcare service provider will:

  • Impact functional working at the healthcare service provider.
  • Impact patient workflows.
  • Lead to data breaches of sensitive and personal health records.
  • Increase the number of successful attacks at similar institutions.

About the discussion series

The discussions are intended to examine the issues related to:

  • Cybersecurity approaches at healthcare service providers.
  • Establishing good cybersecurity practices, i.e., what is required and how it might be accomplished.
  • Contrasting with other countries, and discussing if specific regulatory approaches can also create deterrents.
  • The increased complexity of securing infrastructure with BYOD (Bring Your Own Device), apps and multiple stakeholders.

This discussion series will be held as a series of online talks and discussions. RSVP to participate in the pre-conference activities, and the conference. Purchase a subscription to access videos and to support Rootconf’s community activities.

Code of Conduct: Hasgeek’s Code of Conduct applies to all participants and speakers.

Contact information: For queries about the conference and pre-conference activities, contact Hasgeek at or call (91)7676332020.
