As the healthcare sector rapidly digitises, it has also become the most targeted industry for cyberattacks in India, accounting for over 21% of all cyber threats detected in 2024. This trend exposes gaps in legacy infrastructure, cybersecurity awareness, and data protection. In an exclusive interview, Dipesh Kaura, Country Director – India & SAARC, Securonix, tells Dr Asawari Savant of Elets News Network (ENN) how AI-driven platforms like Securonix can help close these gaps and build a more resilient, compliant, and secure digital health ecosystem. Edited excerpts:
With healthcare becoming the most targeted industry for cyber threats in India, what are the key vulnerabilities you’re observing, and why is the sector increasingly attractive to cybercriminals?
The healthcare sector in India has emerged as the top target for cybercriminals, accounting for a significant 21.82% of all detected cyber threats in 2024, outpacing traditionally high-risk sectors like hospitality and banking (Source: DSCI Report 2025).
Key Vulnerabilities in Indian Healthcare:
- Outdated Systems and Legacy Infrastructure: Many healthcare providers still operate on obsolete platforms, exposing them to known vulnerabilities.
- Fast-Track Digitisation Without Proper Security: The surge in digital health records, telemedicine, and connected medical devices has outpaced the development of secure frameworks.
- High-Value, Sensitive Data: With access to personal and medical records, healthcare systems are a goldmine for cybercriminals seeking to profit from data theft or ransomware.
- Low Cybersecurity Awareness: Staff often lack the necessary training, making them susceptible to phishing or social engineering attacks.
Why Cybercriminals Target Healthcare
The urgency of healthcare services makes providers more likely to pay ransoms quickly to resume operations, increasing their risk of ransomware attacks. Additionally, medical records are highly valuable for fraud, as they can be used for identity theft, insurance fraud, or sold on the dark web. The complexity of healthcare networks, with numerous integrated systems and connected devices, creates multiple vulnerabilities, providing attackers with various entry points. Solutions like Securonix help healthcare organisations by providing advanced threat detection and automated response capabilities to quickly identify and mitigate these risks.
Given the legacy systems and rapid digital transformation in healthcare, what critical steps should institutions take to modernise their cybersecurity infrastructure?
Modernising cybersecurity in the healthcare sector requires a strategic approach that bridges the gap between outdated systems and evolving digital tools. Here are the critical steps institutions should consider:
- Shift to a Cloud-Native Security Model: Traditional on-premises tools lack the flexibility to handle today’s evolving threats. Adopting cloud-native platforms like Securonix provides scalable, real-time threat detection and faster incident response, critical for safeguarding sensitive healthcare data in a regulated environment.
- Adopt Behavioural Analytics for Proactive Threat Detection: Healthcare organisations should implement User and Entity Behaviour Analytics (UEBA), such as those offered by Securonix, that use machine learning to detect anomalies in user and entity behaviour, enabling early identification of insider threats and compromised accounts instead of relying solely on static threat signatures.
- Secure Electronic Medical Records (EMRs): EMRs remain a top target for attackers. Advanced monitoring and analytics from platforms like Securonix can track access patterns, flag suspicious activity, and support role-based access controls to minimise data breach risks.
- Strengthen Insider Threat Management: As internal breaches become more common, solutions like Securonix’s SIEM and UEBA help healthcare organisations spot unusual activity by monitoring user behaviour and sending smart alerts, enabling quick action without affecting patient care.
- Integrate Automation and Incident Response Workflows: With rising alert fatigue, adopting SOAR capabilities like those offered by Securonix helps automate routine tasks and streamline response through intelligent playbooks, improving speed and consistency.
How do AI-driven tools like User and Entity Behaviour Analytics (UEBA) enhance the ability of healthcare organisations to proactively detect and respond to threats?
Healthcare environments are rich with sensitive data, interconnected devices, and complex user interactions, making them prime targets for cyber threats. UEBA enhances security by detecting anomalies in behaviour patterns across users, devices, and systems using machine learning and behavioural analytics.
By analysing both human and non-human interactions, such as unusual file downloads by a user or unexpected request surges to a server, UEBA identifies deviations from normal behaviour that may indicate potential threats. Securonix UEBA goes beyond traditional log analysis by using advanced machine learning to discern the intent behind user actions, distinguishing legitimate operations from potential threats. This proactive detection capability ensures robust protection against unauthorised access, insider threats, and cyberattacks, safeguarding both patient data and critical healthcare operations.
False positives have long been a challenge in cybersecurity. How does Securonix use machine learning to reduce noise and ensure healthcare security teams focus on real, high-risk anomalies?
Here’s how Securonix reduces noise and enhances threat detection in healthcare environments:
- Behaviour-Based Detection Over Signature-Based Alerts: Unlike legacy SIEMs, Securonix leverages machine learning to baseline normal user and system behaviour across healthcare applications (e.g., EMRs, lab systems). It detects deviations from these baselines, such as unusual logins or access to patient charts, helping differentiate between benign activity and real threats.
- Healthcare-Specific Use Cases: Securonix includes out-of-the-box content tailored to healthcare environments, including use cases for patient data snooping, insider threats, ransomware, and account misuse. This industry-specific focus minimises irrelevant alerts and prioritises those that pose real security or compliance risks.
- Context-Enriched Threat Modelling: By correlating data from network, cloud, and application sources, Securonix provides a unified threat picture. This allows teams to trace an attacker’s entire path (entry point, movement, and impact), making it easier to isolate high-priority events and filter out background noise.
- High-Fidelity Alerts with Threat Chain Analytics: The platform’s threat chain analytics link low-risk anomalies into patterns that indicate a progressing attack. This reduces false positives and enables healthcare security teams to respond proactively to sophisticated threats.
- Scalable, Cloud-Native Architecture: Securonix’s cloud-native SIEM ingests large volumes of structured and unstructured data across healthcare environments without overwhelming teams with irrelevant alerts.
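To make the behaviour-baselining and threat-chain ideas from the last two answers concrete, here is an added example written for this page; it is not Securonix code and does not describe how the Securonix platform scores events. It uses constructed daily activity counts for two hypothetical hospital users, baselines each (user, action) pair over five days with a mean and standard deviation, z-scores the sixth day, and then links weak anomalies for the same user into a chain. A single moderate deviation (the clerk's export burst) is kept as a signal but never alerts; three individually weak deviations for the nurse are chained and cross the alert threshold together. Thresholds, weights and field names are assumptions chosen for the example.

```python
"""Added example (not Securonix code): a minimal UEBA-style detector that
baselines per-user EMR activity, scores deviations, and links weak anomalies
for the same user into a threat chain before raising one alert.
All activity counts below are constructed for the example."""
from statistics import mean, pstdev

BASELINE_DAYS = 5        # first five entries of each series are the learning window
LOW_Z = 1.5              # deviation large enough to count as a weak signal
HIGH_Z = 4.0             # deviation large enough to alert on its own
CHAIN_THRESHOLD = 6.0    # summed z of chained weak signals needed to alert
SIGMA_FLOOR = 0.5        # stops a flat baseline (all zeros) producing infinite z

# Constructed data: user -> action -> [day1..day5 baseline counts, day6 observed]
ACTIVITY = {
    "nurse_a": {
        "chart_view":     [40, 44, 38, 42, 41, 45],  # day 6 slightly above normal
        "export":         [0, 1, 0, 1, 0, 2],        # day 6: two record exports
        "offhours_login": [0, 0, 1, 0, 0, 1],        # day 6: one off-hours login
    },
    "clerk_b": {
        "export":         [10, 12, 9, 11, 10, 13],   # one moderate month-end spike
    },
}


def build_baselines(activity, baseline_days=BASELINE_DAYS):
    """Return {(user, action): (mean, stdev)} learned from the baseline window."""
    baselines = {}
    for user, actions in activity.items():
        for action, series in actions.items():
            window = series[:baseline_days]
            baselines[(user, action)] = (mean(window), max(pstdev(window), SIGMA_FLOOR))
    return baselines


def score_day(activity, baselines, day_index=BASELINE_DAYS):
    """z-score the observation at `day_index` for every (user, action)."""
    scores = {}
    for user, actions in activity.items():
        for action, series in actions.items():
            mu, sigma = baselines[(user, action)]
            scores[(user, action)] = (series[day_index] - mu) / sigma
    return scores


def build_threat_chains(scores, low_z=LOW_Z):
    """Group anomalies (z >= low_z) per user; the chain score is their summed z."""
    chains = {}
    for (user, action), z in scores.items():
        if z >= low_z:
            chain = chains.setdefault(user, {"signals": [], "chain_score": 0.0})
            chain["signals"].append((action, round(z, 2)))
            chain["chain_score"] += z
    return chains


def alerts(chains, high_z=HIGH_Z, chain_threshold=CHAIN_THRESHOLD):
    """Alert on one severe anomaly, or on a chain of weak ones; otherwise stay quiet."""
    found = []
    for user, chain in chains.items():
        strongest = max(z for _, z in chain["signals"])
        if strongest >= high_z:
            found.append((user, "single high-severity anomaly"))
        elif chain["chain_score"] >= chain_threshold:
            found.append((user, "threat chain of %d weak anomalies" % len(chain["signals"])))
    return found


def run(activity=ACTIVITY):
    """Return (chains, alerts) for the observation day."""
    chains = build_threat_chains(score_day(activity, build_baselines(activity)))
    return chains, alerts(chains)


if __name__ == "__main__":
    chains, found = run()
    for user, chain in chains.items():
        print(user, chain)
    print("alerts:", found)
```

The point of the chain step is the noise reduction the answer describes: with a per-signal threshold alone, the clerk's export spike and the nurse's off-hours login would both be "anomalies" of similar size, yet only the nurse's combination of off-hours access, elevated chart views and exports is worth an analyst's time. In production the baseline would be learned from weeks of data per role rather than five days per user, and the weights per action would be tuned to the organisation.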
What are the tangible financial and reputational risks healthcare providers face due to data breaches, and how can SIEM platforms help mitigate these risks?
Healthcare providers face major financial and reputational risks from data breaches due to the sensitive nature of patient data and strict regulations. Fines under laws like HIPAA (up to $1.5 million per category/year) and India’s DPDP Act (up to ₹250 crore) can be severe. Legal fees, investigation costs, and compliance audits add to the burden. Ransomware attacks can disrupt operations and force costly payouts, while cyber insurance premiums typically rise after a breach, compounding long-term costs.
Reputationally, a breach erodes patient trust, often prompting patients to switch providers, and can cause lasting harm to an organisation’s brand image.
SIEM platforms like Securonix play a critical role in mitigating these risks. By leveraging real-time monitoring and behavioural analytics, Securonix can detect and respond to anomalies such as unusual access to EMRs or large data downloads, which are common indicators of insider threats or external attacks. Its integration of SOAR (Security Orchestration, Automation, and Response) capabilities enables automated, rapid containment actions to minimise damage. Furthermore, Securonix supports audit-ready reporting, role-based access controls, and PHI masking to limit data exposure and aid compliance with laws like DISHA and the DPDP Act.
How can solutions like Securonix assist healthcare organisations in aligning with data protection laws like HIPAA, DISHA, or upcoming digital health regulations in India?
Securonix ensures compliance by combining advanced behaviour analytics with compliance-ready features. It enables privacy by design through capabilities to mask and hide privileged information during event collection and analysis, protecting sensitive health data. The platform offers out-of-the-box compliance reports and simplifies audit preparation.
With pre-built healthcare use cases, including detection of account misuse, data snooping, insider threats, and ransomware, Securonix ensures that security teams can proactively identify and respond to violations while minimising false positives. This holistic approach supports healthcare providers in operationalising compliance and strengthening their data protection posture.
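The masking of sensitive fields during event collection mentioned in the answer above is illustrated here with an added example; it is not Securonix code and does not describe the platform's own masking mechanism. It takes a constructed EMR access event, replaces direct patient identifiers with a keyed HMAC-SHA256 pseudonym (so repeated access to the same patient can still be correlated in the SIEM without the analyst seeing who the patient is), and drops a free-text field outright. The field names, the key and the choice of HMAC-based pseudonymisation are assumptions for the example.

```python
"""Added example (not Securonix code): pseudonymise PHI in an EMR access event
before it leaves the collector. Keyed hashing keeps tokens consistent for
correlation but non-reversible without the key; free text is dropped."""
import hashlib
import hmac

PHI_FIELDS = {"patient_id", "patient_name", "mrn"}   # replaced with a pseudonym
DROP_FIELDS = {"notes"}                               # free text: never forwarded
# Constructed key for the example; in practice fetch it from a KMS and rotate it.
PSEUDONYM_KEY = b"example-collector-key"


def pseudonymise(value, key=PSEUDONYM_KEY):
    """Deterministic, key-dependent token for one PHI value."""
    digest = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256).hexdigest()
    return "phi:" + digest[:16]


def mask_event(event, key=PSEUDONYM_KEY):
    """Return a copy of `event` safe to ship to the SIEM."""
    masked = {}
    for field, value in event.items():
        if field in DROP_FIELDS:
            continue
        masked[field] = pseudonymise(value, key) if field in PHI_FIELDS else value
    return masked


def count_patient_touches(events, key=PSEUDONYM_KEY):
    """Show that masked events still support 'how often was each patient accessed'."""
    touches = {}
    for event in events:
        token = mask_event(event, key)["patient_id"]
        touches[token] = touches.get(token, 0) + 1
    return touches


# Constructed sample events (not real patients or users).
SAMPLE_EVENTS = [
    {"user": "nurse_a", "action": "chart_view", "patient_id": "P-1001",
     "patient_name": "A. Example", "mrn": "MRN-55", "notes": "asked about results"},
    {"user": "nurse_a", "action": "chart_view", "patient_id": "P-1001",
     "patient_name": "A. Example", "mrn": "MRN-55", "notes": "follow-up"},
    {"user": "nurse_a", "action": "export", "patient_id": "P-2002",
     "patient_name": "B. Example", "mrn": "MRN-56", "notes": ""},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(mask_event(event))
    print(count_patient_touches(SAMPLE_EVENTS))
```

Because the token is keyed, a different key yields unrelated tokens, so an attacker who obtains only the SIEM data cannot brute-force identifiers from the small space of patient numbers the way they could with a plain SHA-256 hash.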
Looking ahead, what trends do you foresee in the intersection of AI, cybersecurity, and healthcare, and how is Securonix innovating to stay ahead of evolving threats?
Our core focus is AI-based threat detection through continuous analysis of user and entity behaviour to identify anomalies, insider threats, and advanced attacks, helping reduce response times.
Behavioural analytics, especially UEBA, helps healthcare organisations detect misuse of electronic medical records (EMRs). To reduce alert fatigue, many are adopting SOAR solutions to automate tasks and streamline incident response.
With the shift to the cloud, there’s growing demand for scalable, cloud-native security platforms. Embedding AI into Security Operations Centres (SOCs) is also transforming investigations and enabling faster, smarter threat response, crucial for future-ready healthcare cybersecurity.
Securonix is driving this innovation through the introduction of Securonix EON, a next-generation suite of AI-powered capabilities purpose-built for modern SOCs. EON features include insider threat psycholinguistics, which analyses communication patterns to flag potential malicious intent, adaptive threat modelling that evolves with emerging attack tactics, and InvestigateRX, which condenses complex data into actionable, context-rich insights for rapid triage.
These advancements equip healthcare organisations to proactively defend against internal and external threats, safeguard patient data, and maintain compliance with critical regulations like HIPAA and DISHA, all while significantly reducing analyst workload and improving operational efficiency.