Report on First Certificate Course in Cyber Security in Healthcare (CCCH)

A Joint initiative by Public Heath Foundation of India and InnovatioCuris with support of Lions Club of India through Lions Coordination Committee of India Association (LCCIA)

Summary

The healthcare industry is frequently struggling with data breaches and other cybersecurity incidents. That’s likely because cybercriminals know the value of medical data. The new wave of digitizing medical records has seen a paradigm shift in the healthcare industry. With increasing digitization in the healthcare industry, we have become more vulnerable to data and identity thefts. In these difficult times, attacks from malicious actors may even rise, which means healthcare cybersecurity must remain a priority in 2020.

Cognizant of the importance of cyber security in healthcare sector, Public health foundation of India (PHFI) collaborated with InnovatioCuris (IC) developed a Certificate Course in Cybersecurity in healthcare (CCCH) with an objective to provide understanding of healthcare with cyber security aspects and to help participants start security initiatives in their healthcare facility.

A total of forty-two participants from all across the country underwent the training from 04th -07th July 2020. For this training, twenty-three participants from six state governments, two PSUs, three government bodies and one private diabetes association received nomination from Lions Club of India through Lions Coordination Committee of India Association (LCCIA) and nineteen participants were enrolled through self-nomination.

Feedback and evaluation are an integrated quality assurance tool to assess the impact and effectiveness of course. A concurrent session feedback and evaluation was done on all 4 days. The questionnaire was administered at the end of each module on all the 4 days along with end session quiz and an exit exam of 40 marks with objective questions was conducted after the last session. The exit exam result had an average of 79% which is well above the passing score (50% of total); indicating a 100% pass percentage.

Feedback study shows that 97% of participants were satisfied with the course content and provided a speaker rating of 8 on a 10-point scale. We received overwhelming testimonials from participants wherein they mentioned that they would recommend the course to their organizations.

There is always a scope for improvement and learning. The three areas we plan to work upon on the basis of feedback received is by adding more Indian case studies and emphasising more on digital health / telemedicine topic, increasing the speaker pool and addition of relevant government guidelines.

To increase the scalability and to maximize the benefits of training we would reach out to various state governments for nominations and dedicated batches. To improve the sustainability and impact of the course, endorsement from the relevant government agencies linked with cyber security is indispensable.

Introduction

Public Health Foundation of India (PHFI)

PHFI, a public private initiative was launched by the 14th Hon’ble Prime Minister of India on March 28th 2006 at New Delhi, India. Evolved through consultations of multiple constituencies, Indian as well as International academia, state and central governments etc., PHFI is a response to redress the limited institutional capacity in India for strengthening training, research and policy development in the area of Public Health. Structured as an independent foundation, PHFI has adopted a broad integrative approach to public health, following up with the training of numerous Healthcare Professionals under various capacity building initiatives in Chronic conditions since 2010.

For more information visit: www.phfi.org

InnovatioCuris (IC)

InnovatioCuris which is commonly known as IC is a unique organization, which brings deep healthcare expertise, a scientific rigour on applying global innovation models & management processes by leveraging IT to deliver healthcare at an optimum cost. In IC we have partnered with world class academic institutes, government bodies, NGOs and healthcare organisations to create a collaborative ecosystem for piloting new interventions (systems and processes) to improve healthcare delivery.

For more information visit: www.innovatiocuris.com

Lion’s Club International (India)
Lions are a global service network of volunteers that make a difference in their local communities. Lions Clubs is the world’s largest service club organization with more than 1.35 million members across 46,000 clubs in 209 countries. Lions Clubs was established in India, in Bombay, in February 1956. Lions Clubs in India are the second largest group of volunteers in the world after USA, with 6,335 Clubs and 2,35,000 members. Lions Club of India through Lions Coordination Committee of India Association (LCCIA) also joined hands with us towards providing full fee sponsorship to 23 participants.

For more information visit: www.lionsclubs.org.in

Curtain Raiser: Thought leaders’ conversation on Promoting Cyber Security in Health care

Public Health Foundation of India and InnovatioCuris organised an online event: Thought Leaders conversation on promoting security in health care on 10th June from 4pm to 5pm. We had the proud privilege of having Lt. Gen. (Dr.) Rajesh Pant (National Cyber security coordinator, Government of India), Hony. Brig Dr. Arvind Lal (Chairman and Managing Director of Dr. Lal Path Labs) and Dr. Harish Pillai, Group CEO, Aster DM healthcare, as the event panelists. Apart from the eminent panelists, we were fortunate to have thought leaders and dignitaries from NHSRC, NABH, State governments, PSU’s, corporate hospitals and various top academic institutes.

Dr Arvind Lal, MD, Lal Path Labs said, “we live in an Interconnected age. He mentioned three important points, the threat of ransomware is experienced regularly by the health sector. Second point was about patient data. How that the data is being traded in the black market. With Digital India enabling healthcare at last mile the threat to patient data is more real. The third issue is the connected healthcare, in terms of the medical devices and the healthcare would remain as the prime target for hackers. Ultimately it comes down to people and processes to keep this patient data absolutely secure. A comprehensive security awareness program can help healthcare facilities combat many of the security concerns discussed today. With the right resources and support from leadership security awareness training can teach the facility staff how to identify, how to avoid and how to report the hacking attack takes place.

Dr Harish Pillai, Group CEO, Aster DM Healthcare, shared his viewpoints, an extract of that is as follows: “Covid has led to healthcare providers jump to the bandwagon of telehealth without due diligence or due process in selection of the vendor, hardware and other components. But it is a change whose time has come. He seconded the view point of Dr Arvind Lal on patient data protection. Dr Pillai foresees that a lawsuit on breach of data privacy might open eyes of people in future, if the topic is not taken seriously. He highlighted cyber security issues arising in telemedicine, medical devices, home care and in general with the adoption of digital health. He suggested having mission mode task force to take up the issues of cyber security is need of the hour. The training program on cyber security as per him will go long way in safeguarding the health sector.”

Lt. Gen. (Dr.) Rajesh Pant, National Cyber Security Coordinator, India, responded to both the panelists by saying that data security topic is very important and the pending bill of Personal Data Protection Act in the parliament is going to be a big step in this direction providing a regulatory framework for improved security of citizen’s data. Also, the mission task force headed by him has produced the national cyber strategy this year. Health sector has been neglected as per him in past but COVID-19 has shown us how every component of economy is dependent on health sector. COVID-19 has also created an atmosphere of fear and uncertainty which is breeding ground for cybercrime.

He shared specific advice to healthcare providers which is as follows:

• To have a dedicated Chief Information Security Officer, with two separate cells for IT and other on cyber security. So, that implementation and testing is not done by the same people
• Allocate budget for cyber security, which is 10% of the IT budget

He concluded with three hard facts:

• Vulnerabilities will continue to exist
• Cyber-attacks will continue to happen
• Attribution of these attacks will be difficult

Hence, similar to physical hygiene for COVID-19, cyber hygiene also gets utmost importance for the health sector! Cyber hygiene as per him covers a variety of measures like stronger passwords to a good cyber security policy in an organization.

Training model

In the age where cyber-attacks on digital infrastructures have become a daily affair, no country including India is resistant to such a global phenomenon. Disasters and pandemics pose unique challenges to providing health care.

Once the PDP and DISHA comes into effect, the healthcare organizations will need to comply with it at the earliest. Organizations in healthcare will have to conduct regular trainings for their personnel so that they can maintain compliance with the security protocols mentioned in India’s data protection law.

The course curriculum for the program developed by InnovatioCuris and PHFI comprises of four modules. The entire course curriculum contains pre-course reading material, power point presentations, case studies, assignments and group activities.

Course Objectives

Primary Objective

• To provide understanding of healthcare with cyber security aspects and to help participants start security initiatives in their healthcare facility

Secondary Objectives

• To provide basic knowledge of internet and cybersecurity
• To establish understanding on cybercrimes in health sector
• To help create cyber security policy for healthcare facility
• To help the participant reduce errors and make healthcare facilities more secure

Salient Features

Course Pedagogy

The first batch of this 4 modular training was planned from 04th to 07th July 2020 with one session each day on zoom platform from 3.30 – 05:00 pm India Standard Time.

Criteria of Certification

The criteria for successful completion of the program is as follows:

• Participation in all sessions of webinar series of 90 minutes
• Appearance in end session quiz post completion of session
• Appearance and clearance of final examination in the form of MCQ’s for 20 minutes, after Module 4 (Minimum 50% marks to be obtained in exit exam to be eligible for the certificate)
• Submitting a brief self-assessment survey report (maximum 1-2 pages), within 08 days of course completion i.e. by 15th July (For LCI nominated participants)
• Course Curriculum

Course curriculum

Session calendar

Course Design

Inaugural of the course on 4th July 2020

During the Inaugural ceremony of the course, Dr. Anuradha Aggarwal Monga welcomed all the delegates and participants and gave an overview of the Certificate course in Cyber Security in Healthcare (CCCH) followed by welcome address by Surgeon R. Admiral Dr. V.K Singh (Retd.), inaugural remarks by Lt. Gen (Dr.) Rajesh Pant, special remarks by Mr. Naresh Aggarwal and Prof. K. Srinath Reddy and ceremony was concluded by Vote of Thanks by Dr. Sandeep Bhalla.

Surgeon R. Admiral Dr. V.K Singh (Retd.), (Managing Director, InnovatioCuris), in his welcome address expressed his gratitude towards Lt. Gen. Rajesh Pant stating that he desired for cyber security initiatives in health sector and PHFI and IC provided impetus for this course. He welcomed all the dignitaries and highlighted the importance of cyber security in current times.

Lt. Gen Rajesh Pant (National Cyber Security Coordinator, Government of India) in his inaugural remarks complemented IC and PHFI on launch of the course and showed his gratitude on behalf of Govt. towards lions’ club for supporting this cyber security training by nominating participants from state governments, PSUs and other government bodies. He emphasized on the fact that Healthcare and research institutions are most targeted in cyber-crime and recommended that all hospitals should have Chief information security officer (CISO)and cyber security cell to prevent cyber-attacks. He propagated that sectoral cyber security training is a need of the hour as every sector needs different proficiency. He concluded by extending his full support for this training and stated that along with physical hygiene, cyber hygiene should also be practised.

Mr. Naresh Aggarwal [(Past International President LCI (2017-18), Immediate Past LCIF Chairman (2018-19), Board Appointee LCI (2019-20)] in his special remarks emphasized on the fact that Cyber Security is not just about protecting data; it is fundamental for maintaining the safety, privacy, and trust of patients. With increasing digitization in the healthcare industry, it has become prone to Cyber threats. So, training of healthcare workers on cyber security is of utmost importance and concluded by providing his appreciation to this initiative.

Prof. K Srinath Reddy (President, Public Health Foundation of India) in his special remarks stressed on the fact that cyber security has become inseparable from health security. He recognised the role of cyber space as important platform in delivering health services but at the same time cautioned that this valuable tool can be breached with data thefts and thus required to be protected so that health can be promoted in all directions. He emphasized that Cyber space offers plenty of opportunities to improve efficiency and outreach in health services, therefore we need cyber security as an important tool so that all efforts for health systems are adequately protected and promoted.

Dr. Sandeep Bhalla (Director- Training, Public Health Foundation of India) in his Vote of Thanks stated that health is the biggest investment in these trying times and expressed gratitude towards all the delegates for extending their support in this initiative.

(Anticlockwise) Mr. Naresh Aggarwal, Past International President LCI (2017-18), Immediate Past LCIF Chairman (2018-19), Board Appointee LCI (2019-20),) Prof. K Srinath Reddy, President, PHFI, Dr. Sandeep Bhalla, Director- Training, PHFI, Lt. Gen (Dr.) Rajesh Pant (National Cyber Security Coordinator, Government of India), Surgeon R. Admiral Dr. V.K Singh (Retd.), Managing Director, InnovatioCuris, Dr. Anuradha Aggarwal Monga, Program Manager, PHFI

Technical Sessions from 4th -7th July 2020

Each technical session was moderated by Dr. Anuradha Aggarwal Monga, Program Manager PHFI. At the beginning of each session, the moderator introduced the speaker and the topic of the day. This was followed by the one-hour session by the faculty using slides. During the session participants were free to type their questions in the chat box. Most of the questions were answered during the session only on the chat box. At the end of the session, the speaker summarized the key points and opened the floor for Q&A.

Post technical session participants attempted end session quiz through Microsoft forms link provided to them in chat box and on dedicated course whats app group. Speaker gave assignment pertaining to each module which was to be submitted by the participant next day by 10 am and analysis of quiz and assignment was summarized by the faculty in preceding session for invoking discussion and learning.

Closing Ceremony on 7th July 2020

On the last day of the training, Mr. J. P. Singh, International Director, LCI (2018-21), Chairperson, LCCIA (2019-20) was the guest of honour.

In his address, he saluted all the health workers for their tremendous job during this pandemic. He stressed that IT has become an integral part of every field, especially in healthcare. Mr. Singh appreciated the efforts of faculty in educating doctors in this field. He also appreciated that PHFI took care of this subject and came up with this initiative and was happy to be a part of this initiative.

During closing ceremony 04 participants gave their feedback for the course and shared their view about cyber security and its importance in these times.

Speakers

Mr. Sachin Gaur

He is a researcher cum entrepreneur in the space of mobile and Internet solutions. He was in the top 10 innovators in India under India Innovates Growth Programme 2013 by FICCI. He has a double M.Sc.(tech) in Mobile Security and Cryptography from Aalto University, Finland and University of Tartu, Estonia. He has worked in the past with organizations like Adobe, C.E.R.N. and in research at the Aalto University in security related topics.

Also, he has a dozen patents issued/pending in USPTO apart from contributing book chapters in two books on topics of Innovation and Healthcare.

Lt. Col. Satyendra Verma (Retd.)

An Army veteran who prides himself as a problem solver. He has a passion for technology which was amplified through extensive exposure to communication and Information Security during 23 years of service with Indian Army. Post retirement he has led important initiatives in Mobile and App technologies with startups as well as with a leading Industry body. Since 2017, he has focused on Indian Healthcare sector and through extensive interaction, gained unique insights on the state of Healthcare Data Security & Privacy in India. In 2018, he co-founded XScale Innovation, as a vehicle for his many innovative solutions, one of them being to help and support Information security in Indian healthcare sector. He is a Data Privacy expert and Certified Lead Auditor for Information Systems Security.

At 51, he is also an active sportsperson representing India as Captain of Indian Wingsuit team.

Participants

A total of 42 participants from all across the country underwent the training in this batch.

For this training, 23 participants from state governments, PSUs and other government bodies received nomination from Lions Club of India through Lions Coordination Committee of India Association (LCCIA) and 19 participants were enrolled on course fee through self-nomination.

Detailed participant list is given as annexure 2.

Outreach of Participants

Participant Profile

• Gender Ratio :33% females and 67% males
• Average experience of 14 years.
• 15 from the private sector, 22 from government, 1 from NGO and 4 are from PSU’s
• Categories of Participants:
  • Health Officials (Central, state, Public sector, Programs, etc
  • Top Management (Owners, CIO /CISO)
  • Practising/Resident Doctors (Private/Govt.)
  • Managers (Quality, IT)
  • Consultants (Private/Govt.)
  • Professors & Students

Participant Survey, Feedback and Evaluation

A pre-course survey was done before the training initiation.

Out of 42 participants 38 answered the pre -course survey

Feedback Analysis

A concurrent session feedback and evaluation was done on all 4 days which intended to summate the feedback, satisfaction and experiences faced by the participants during the course. The feedback obtained will further enable to suitably modify the course curriculum content and delivery of future cycles of this course thereby strengthening the quality, going forward. The questionnaire was administered at the end of each module on all the 4 days along with end session quiz.

Exit Exam

The exit exam constituted 20 questions each carrying 2 mark, to be completed in 20 minutes. The result had an average of 79% which is well above the passing score (50% of total); indicating a 100% pass percentage.

• In form of Multiple-Choice Questions
• 20 minutes ;20 MCQs
• Minimum 50% marks required, i.e. 20
• No negative marking

Participant Testimonials

Dr. Anagha S, Resident Surgeon, Karnataka

It was an eye opener for me, as I have just started my career in health care, I have many more years to go. I have learnt how important it is to practice cyber hygiene both on my personal gadgets and also on hospital systems. It is definitely going to help me in my future to safeguard my patient’s data and help the hospital I’m working in, to make it more cyber secure

Saravanan Sankaran, CIO, Aravind Hospital, Chennai

CCCH conducted by PHFI was a unique opportunity to understand the evolving demand on Cybersecurity in Health Care. The course content was certainly beneficial and was focused on the appropriate topics for Health care Professionals. My objective was met to understand the upcoming demand on Data Security and Protection in health care from the PDPA bill. My sincere appreciation to all the PHFI facilitators and to the instructors who kept the 4-day sessions very interactive and covering the concepts without technical jargons. I believe this course can be conducted for my organization staff.

Dr. Binit Shekhar, Senior deputy chief medical officer, NHPC

Course was very well designed, perceiving the cyber threat, which is looming large over the ever-increasing use of internet in healthcare services. It’s important to all the stakeholders of healthcare sector and encompasses all the people & processes. The content of the program provided a fair amount of information about the risks we are going to face in our day to day operations. The flow of the program alongside the end session quiz kept all the participants engaged and focused towards the objectives of the program. Certainly, every organization should have such useful and well conducted programs, with such knowledgeable and intelligent faculties, who made such technical subject so non-technical and easy to understand.

Dr. Jiffin T Thilakan, Malankara hospital, Kunnamkulam, Thrissur

As there is a new approach for medical consultation, its better late than never to know about the cyber hazards which will be faced by us. This course took me way beyond my expectation levels. The course material was simple and so digestible in a way that a common person could understand about it. If I get a stage to present this course in my hospital I will definitely give them a thumbs up.

Dr. Mandeep Sarma Basistha, Medical and Health Officer, Assam

We got a basic idea about cybersecurity in healthcare. Course is It’s beneficial and I am more enlightened. My objectives were fulfilled. I like the participatory approach. I would like to conduct the same course in my organization.

Dr Priti Elhence, Professor, Sanjay Gandhi Postgraduate Institute of Medical Sciences, Lucknow

It was a wonderful introduction to a relevant subject. Has made me understand the terminology / language of cyber science and provided a framework to understand the systems. The course was very well taught by learned speakers n well conducted by the moderators. As a novice student need more time to absorb the subject. Would also like the course to cover safe cyber practices for an individual. Would surely like to have this course conducted for my Institute. Thanks a lot!!

Annexures

1. Agenda of the inaugural ceremony and course

2. List of Participants