April 8, 2025
CIO 2025

Strengthening Healthcare Cybersecurity in the Era of Digital Transformation

Dr. Sushil Meher, Head – IT, AIIMS

In an increasingly dynamic digital landscape, staying ahead of cyber threats is vital. As cybercriminals evolve and deploy sophisticated tools, organizations must proactively assess their vulnerabilities and adopt next-generation technologies to protect sensitive information.

 

The Evolving Healthcare Regulatory Landscape
India's healthcare sector stands at the cusp of a major regulatory overhaul with the introduction of the Digital Personal Data Protection (DPDP) Act. Initially conceptualized as the Personal Data Protection Bill, the DPDP Act has now replaced earlier frameworks such as the Digital Information Security in Healthcare Act (DISHA), which remains pending due to broader delays in formalizing a national data protection policy. With the DPDP Act currently open for public consultation, it is poised to significantly shape the eventual rollout of healthcare-specific data regulations like DISHA.

Given the highly sensitive nature of healthcare data—ranging from medical histories to biometric identifiers—it has become a prime target for cybercriminals. On the dark web, such records can fetch between $30 and $300 each, making them far more valuable than typical financial data. The DPDP Act introduces stringent data access controls, ensuring that only authorized healthcare professionals can retrieve patient records. However, ensuring compliance while maintaining operational efficiency and patient care continuity will be a delicate balancing act.

 

The Expanding Role of the CIO
As healthcare organizations continue their digital journeys, the Chief Information Officer (CIO) now plays a strategic leadership role—balancing regulatory compliance, cybersecurity, and digital integration. One of the pressing issues is ensuring data security without slowing down critical healthcare operations. With DPDP enforcement on the horizon, the appointment of a Chief Data Officer (CDO) will become essential. While many organizations have yet to formalize this role, strategic planning is underway to ensure readiness.

 

Fostering a Security-First Culture
A proactive, security-centric approach is critical for safeguarding healthcare data. Our cybersecurity team comprises over 20 dedicated professionals and 300+ IT specialists focused on defending against emerging threats. A primary objective is to implement security measures that do not impede clinical workflows. With AI serving both as a threat vector and a defense tool, staying informed through continuous education and knowledge sharing is essential.

As compliance with DPDP becomes mandatory, our commitment remains clear: protecting patient data through robust, adaptive, and efficient security frameworks that support seamless healthcare delivery.