Is It Really Possible to Protect Your Health Data?

Uploaded on 2017-07-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The recent WannaCry attack on the British NHS attack was proof to the world that many of the fears around hacking and cybercrime are true. It reiterated the importance of data security, especially in health care fields, and it proved once more (there have been thousands of attacks on health care companies in the past) that there is a target on the backs of patients. Additionally, it demonstrated the absolute vulnerability of the current health care system and that data, even when protected by law, can be stolen and used against anyone.

This leads to appropriate concern from the public. There are so many systems in place to protect our information, yet hacks keep happening. This leads to the question: is data protection even possible? Is cybersecurity ultimately a waste of time when compared with the vast and dogged threats online? The answer is mixed.

The Question Lies with Health Care Providers
With the number of records breached in 2015 totaling over 112 million, health care hacking has reached almost epidemic levels, and this number can only be expected to grow in subsequent years. The Anthem incident alone resulted in the breach of 78 million records, and the NHS hack crippled vital health care systems. Hackers are growing savvy as to how the systems work, and fines and policy adjustments are proving to be insufficient in deterring cybercriminals from going after health care records.

Health care providers will need to adapt to several threats to prevent breaches, such as thoroughly training staff to counteract cybercriminal strategies and to prevent common mistakes of human error. It must be clear poor cybersecurity in the sector is not only a financial risk, but also a public health risk, and penalties need to reflect this fact. Medical devices will need to have their own set of standards and operate on closed systems to prevent further intrusions.

Health care providers will need time to implement changes, but only if they act immediately will the future of health care data be secure. Otherwise, it is quite possible criminals will be always one step ahead without having to put in too much effort.

On Your End, You Can Protect Yourself
From your home computer, you can certainly protect your health information. While the easiest solution is to simply not input health records into your computer whatsoever, that would be unrealistic for millions of people who have busy lives and need to be able to move quickly.

Standard firewalls and security software will keep out most hackers. Additionally, proper security procedures will ensure cybercriminals pick a far easier target. While health information is valuable, a single person’s set of data isn’t worth the opportunity cost to most hackers. The goal of this strategy is often simple deterrence. For those seeking extra safety, encrypting specific files and improving protections and verification measures on a home or business WiFi network will also help. Since social engineering is behind a great deal of attacks, as mentioned above, studying these tactics and knowing how to spot them will also keep the data holder stay safe from most threats.

Mobile Is Where the Threat Lies
For the average person, their smartphone or laptop is likely where their health data will be stolen. Many people use health apps and will access their health records (or similar data) online while outside of their homes. Sometimes they’ll do it without even thinking about it, setting apps or services to enter health data automatically.

This can place the data at risk through the use of sniffer programs, and while Virtual Private Networks and proxies are generally a good solution for this, many people aren’t using them currently. These attacks often happen almost automatically and without the immediate knowledge of the user, only revealing themselves after insurance fraud or identity theft occurs.
Additionally, there is a strong chance apps don’t have the best security. Some may even be scams or collect information as a matter of course, making a profit from collected data as opposed to charging for the app. Users should be aware of app permissions and consider avoiding intrusive programs.

As it stands, it is possible to protect health data, but only if governments, health care providers and individuals view it as a top priority and take the necessary steps to demonstrate this. The situation will likely change over the coming years (online threats are very much moving targets), but the need for protection will remain the same. Patients and professionals alike will need to remain vigilant to stay ahead, but the cost of not doing so is far too severe to consider.

About the Author: Sandra O'Hare is a blogger and writer who focuses primarily on cybersecurity and other types of tech issues. She knows the importance of health information and hopes governments and large organizations realize the vital need for strong cybersecurity measures before it’s too late.

 

« Snapchat Map Raises Child Safety Concern
Petya’s Ransomware Attacks Have Failed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

FAMOC

FAMOC

FAMOC is an enterprise mobile management solution that delivers comprehensive security and management for applications, documents, email, and mobile devices.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Ridgeback Network Defense

Ridgeback Network Defense

Ridgeback is an enterprise security software platform that defeats malicious network invasion in real time. Ridgeback champions the idea that to defeat an enemy you must engage them.

ID Experts

ID Experts

ID Experts is a leading provider of identity protection and data breach services for companies and individuals throughout the USA.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Hyperwise Ventures

Hyperwise Ventures

Hyperwise Ventures lead seed investments in startups in the cyber security and enterprise software spaces.

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Security Risk Management (SRM)

Security Risk Management (SRM)

SRM provide a comprehensive security risk management service encompassing people, processes, technology, governance, compliance and risk management.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.