Nearly 89% of hospitals strengthen cybersecurity, but gaps persist: Report

New Delhi: A joint report by Deloitte India and the Data Security Council of India (DSCI) highlights that Indian hospitals are steadily advancing in cybersecurity practices. According to the report, 89 per cent of hospitals have implemented third-party risk management systems to safeguard patient data and mitigate cybersecurity risks posed by vendor networks. However, only 10 per cent of hospitals have adopted holistic data privacy programs, underscoring a critical area for improvement.

The report titled "Cyber Resilience in Hospitals", outlines both the progress and challenges faced by the healthcare sector in the era of rapid digital transformation informed that the Digital Personal Data Protection Act (DPDPA) is expected to drive further progress.

While 90 per cent of hospitals have crisis management plans in place to combat cyberattacks, only 60 per cent simulate these processes, leaving many institutions vulnerable to ransomware attacks, data breaches, and insider threats. Additionally, about 80% of hospitals have adopted electronic medical records (EMRs), with 40 per cent integrating EMRs into hospital management information systems (HMIS). Furthermore, 70 per cent of hospitals are adopting the zero trust security framework to enhance data security.

The report recommends hospitals to allocate 12–15 per cent of their budgets over the next two years to cybersecurity and digital infrastructure to remain resilient against cyber threats. Currently, 50 per cent of hospitals have purchased cyber insurance policies to mitigate financial risks stemming from data breaches or cyberattacks.

"In today's rapidly evolving healthcare landscape, hospitals must navigate digital transformation with a strong focus on cybersecurity. Investing in cloud technologies and addressing skill gaps will be critical to building resilient systems," said Vikram Venkateswaran, Partner, Deloitte India.

Vinayak Godse, CEO, DSCI, added, "Hospitals are laying the foundation for future-ready digital infrastructure. However, integrating fast-paced technological adoption with better cybersecurity measures, resiliency preparedness, and governance is essential for long-term sustainability."