The growing caution among hospitals is being driven by a rise in double-extortion ransomware attacks, AI-enabled phishing, deepfake fraud, and vulnerabilities in connected medical devices.

IMAGE: Apollo Hospitals. Photograph: ANI

With rising cyberattacks, major hospitals are now allocating 8 to 10 per cent of their information technology budgets to cybersecurity, nearly double the 4 to 7 per cent allocation in 2021, sector watchers said.

These allocations are expected to rise further to 12 to 15 per cent by 2027, said Vineet Dhawan, CEO, DCT Inc and dcafé. DCT Inc is an IT services company.

Dhawan added that the demand for artificial intelligence-driven cybersecurity tools, particularly AI-powered security information and event management platforms, has increased by 40 per cent year-on-year since 2023.

“Nearly half of this demand is now coming from Tier-II and Tier-III cities,” Dhawan noted, attributing the spike to high-profile breaches such as those at Apollo Hospitals in 2021 and the All India Institute of Medical Sciences in 2022, as well as to stricter regulatory mandates — including the six-hour breach disclosure rule from the Indian Computer Emergency Response Team (CERT-In) and new data security clauses under the Ayushman Bharat Digital Mission.

The growing caution among hospitals is being driven by a rise in double-extortion ransomware attacks, AI-enabled phishing, deepfake fraud, and vulnerabilities in connected medical devices.

Leading private hospitals are already responding to this shift.

Apollo Hospitals, one of India’s largest healthcare providers, currently allocates 11 per cent of its IT budget to cybersecurity.

“This allocation has been increasing consistently by 1 to 1.5 per cent annually, and we expect that trend to continue over the next three years,” said Ashokkan Somuveerappan, chief information officer at Apollo Hospitals.

The increased allocation is part of Apollo’s broader Cybersecurity Posture Vision 2.0, he added, which focuses on continuous improvement, compliance with emerging regulations, and support for new technology investments.

The C K Birla Hospital dedicates 15 per cent of its IT budget to cybersecurity and compliance.

“Cybersecurity in healthcare is not just a defensive necessity — it’s a strategic investment in patient safety, operational resilience, and long-term cost reduction,” said Binod Madhab Samal, vice-president of product and technology at CK Birla Hospital.

According to Samal, the high value of medical data and the essential nature of healthcare services make hospitals prime targets for cybercriminals.

Attacks such as ransomware, data breaches, and phishing have become more frequent and sophisticated, prompting hospitals to respond with greater urgency and higher spending.

AI is emerging as a key tool in the healthcare industry’s cybersecurity arsenal. Both Apollo and CK Birla have either integrated AI-powered tools or are in the process of expanding their use.

“AI is already part of our security infrastructure, and we plan to augment it further in line with our cyber vision,” said Somuveerappan.

Samal echoed this, noting that AI-powered cybersecurity offers “speed, scalability, precision, and predictive capabilities” that are essential in today’s high-stakes healthcare environment.

This growing reliance on AI is consistent with broader industry trends.

As cyberattacks continue to evolve and the digital transformation of healthcare accelerates, industry experts agree that AI will become indispensable in building predictive, autonomous, and adaptive defences.

“We are moving from reactive to proactive cybersecurity,” said Dhawan.

“AI will increasingly allow hospitals to detect and respond to threats before any damage is done, while also helping bridge the critical cyber talent gap in India’s healthcare ecosystem.”

With cyber threats becoming more commonplace and digital health adoption accelerating, companies like DCT are actively expanding their presence in the healthcare sector, forging partnerships with national hospital chains, state e-health missions, and medical technology original equipment manufacturers.

Feature Presentation: Ashish Narsale/Rediff