InnoHEALTH magazine interviews Accurate Info Soft Pvt Ltd.
Hospitals, like any other modern organization, increasingly rely upon IT systems for a wide variety of administrative and clinical functions. These establishments are highly complex in terms of processes, which can have constant activity 24/7×365. Also, we must not ignore the fact that most of the equipment and diagnostics technologies used in medicine are using highly computerized components. This entire network of devices, equipment and systems that often require connection to external systems, is a very critical and complex environment to control.
Cybersecurity helps in keeping the information of the patient confidential for legal purposes and also prevents cybercrimes. With increasing cyber crimes nowadays, InnoHEALTH magazine took initiative to interview some cybersecurity providers who can help become resilient and mitigate the crisis.
Disha Soni and Prateek Malhotra interviewed Mr. Sachin Gupta, Director, Accurate Info Soft Pvt Ltd on behalf of InnoHEALTH magazine.
Disha: Sir, first of all I along with my colleague Mr. Prateek Malhotr, would like to welcome you to this telephonic interview for the purpose of knowing your perspective about cyber threats and cyber security provided by your organization in healthcare. We are working as a research internship at InnovatioCuris. InnovatioCuris has been working on various cybersecurity initiatives with several National organizations, like the PHFI, CAHO, etc. Also, we would like to thank you so much to take out your precious time to have a conversation with us. So now I will request you to kindly give me the permission to start the interview.
Mr. Sachin Gupta: Before starting this interview, I would just like to tell you that we are into the software part. Cyber security comes more in the infra part like, for any hospital to implement this they need an infrastructure then on the top of that they need the software. So we are basically looking after the software part. So, I will be sharing my views from a software perspective.
- As a preface, what would you like to tell us about yourself and how your services and products impact the health sector?
Ever since Accurate started in 1995, we are making health care products, starting with DOS, Windows, web and now the mobile base. Our software contains a complete end-to-end solution for hospitals from the patient to hospital perspective. So the main advantages are, instant information to the patients, good efficiency pilferage control, better generation of Management Information System (MIS). So, all these things can help a healthcare establishment in serving the patients and hence increasing the revenue.
- What kind of healthcare setups do you target, and what makes a major part of your business.
A major part of business is made up of the big hospitals. By big, I mean a hundred bedded to thousand bedded hospital. As these hospitals have the required infrastructure to maintain our software but nowadays as the focus is shifting on the cloud, even the small hospitals can use our softwares on a monthly subscription basis.
- Do you target private as well as public hospitals?
Basically we are more into the private hospitals. For public hospitals, it requires a whole together different process like filing a tender etc. And it requires a lot of formalities, so we are more into the private hospital groups.
- How has the health IT industry changed over the past ten years. And what are the major changes that you have seen concerning the adoption of digitization in the healthcare sector in the last five years.
In the last five years, I have seen a very dramatic change in the healthcare industry and the reason being patients’ expectations. Before, 5 or 15 years ago, you just needed to give the bills and give reports to the patient. But now the expectations have advanced like receiving SMS/reminders, availability of reports on mobile etc. So, now software is serving as an assistant to the patient and now the patient is the part of the software. Patients can log in and see their own details, request for appointments and everything. Now patients are more aware and more involved in the software. Previously softwares were only known as the billing clerks of the hospital as they only used to give the print out of the bills. But now patients are very much involved in the software, they log in and they can update their information, they can fetch their information. So it’s a complete turn around, now the patient is also a part of the software and everyone is a part so you can call it a system instead of just calling it a software.
- In general, what are the main security risks that you face in your practice cases, when shifting from paper-based to electronic format and what are the best ways to minimize those risks?
In the manual times, there was no security there. They used to have a register and all, so they were safe. When we moved to computers 20 years ago, the issues were that their hard disk might crash and no surety for backup, these were the main issues. But now, when the things are online, the server has to be on the internet. Now, the major security issues are ransomware and virus and hacker attacks. So there are a lot of tools at hardware level and also from the software level that we have to use the tools to prevent data theft, cyber attacks and ransomware. These are the major issues apart from the hardware failure like, some hard disk crash and all.
- What are the security compliance practices that your company follows to prevent these attacks or how do you minimize them at your level?
We are trying our best to keep our security updates like a good firewall and then HTTP, now they also issue a certificate on their site and call it https secure certificate. We install that on our website, then the password encryption and data encryption whenever data travels through the internet, it should be in the highly encrypted form. So there are some issues for the ransomware, no antivirus company has been successful against ransomware and only Firewall can block them. So we suggest that there should be a separate web server and separate data server so that they cannot enter the data server. So these are some measures and above all whatever these measures are there. We have to take backups at regular intervals, maybe 2 times a day. So we have given us some backup solutions to our customers. Also we maintain their backup at our data centers so their backup will be copied after every one hour. So, instead of the security measure it should be a preventive measure and backup is one of the very important measures so that whatever happens suppose you can immediately recover and go online.
- Since you have been in this industry, would you like to share any cyber incidents that might have happened in your organization or at your clients organization? How did you handle it?
Different types of incidents have happened at different times. Nowadays, any incident that happens at a frequency of two times in a year and majorly it is a ransomware attack. They just hack the server and then they ask for some Ransom money in dollars, then they restore it back. We have also faced this problem in our data centers also, so ransomware is the major security threat from the last two-three years. And before that, there were other threats like, staff trying to manipulate the data for their profit or theft issue and virus issues were there three-four years back. So with the changing time, the level of threats are increasing.
- You must have heard about the personal data protection bill. What is your viewpoint on that? And how do you think that it will impact your business?
It is a very good initiative by the government because till now we were just curbing the issues technically. But now it is declared as a criminal offense so if somebody tries to fiddle with the data or any malfunctioning with the data, there would be some fear of doing these things. So I think this is a very good move by the government concerning cybersecurity.
- What is your Viewpoint about the Disha act? How can it impact the business with its enforcement?
Sorry, I haven’t heard about that.
- With regard to improving the Security in the digitization Journey of Indian Health sector, as we are moving more towards it. So, what is your advice to the healthcare delivery organizations?
The advice is that they should use good quality servers, good certificates, good data security measures, whatever it takes and they should only allow the encrypted data to travel across the servers. So these are the major things that we can do and moreover with the personal security bill we can now act with the criminal prosecution also. These are the only things we can do.
- With the AI and other emerging Technologies what are the opportunities and challenges you see in handling large-scale Health Data and what are the new job roles that you foresee in regards to data protection and processing?
This argument is running on from the last 25 years, about the pros and cons of AI. From the customers perspective, the Pros would be they can get answers faster, they can get more relevant data, they can get the better view of data, 360 degree view of data using Ai. In medicine there is a lot of new software like MRI, CT scan, almost everything is digitalized now. The software now is telling where the problem is and providing the diagnoses And for the last 20 years, I’m hearing that it will do the job loss in the industry because a single robot can do work of more than 10 people. Now we are also using some bot in our software so that they can analyze and do everything they require. So I think it’s very helpful for our industry and for the customer. It’s very helpful.
- Out of my curiosity, I want to ask you a question since you are in this industry for so many years. So have you seen any job loss due to this, AI and other technology
See the ones who are not updated at the right time will be not successful in the future and so one has to stay updated to be in the market. Otherwise, I have seen many people 20 years ago who did not update and now they become a liability and organization trying to get rid of them. So my advice to all of them to keep them updated with new trends.
For the readers. I like to say that just welcome technology. Let’s try to use a technology to the fullest, it will definitely help in growing the business and technology is the future now.
Interviewed by: Disha Soni and Prateek Malhotra