Is It Really Possible to Protect Your Health Data?

Uploaded on 2017-07-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The recent WannaCry attack on the British NHS attack was proof to the world that many of the fears around hacking and cybercrime are true. It reiterated the importance of data security, especially in health care fields, and it proved once more (there have been thousands of attacks on health care companies in the past) that there is a target on the backs of patients. Additionally, it demonstrated the absolute vulnerability of the current health care system and that data, even when protected by law, can be stolen and used against anyone.

This leads to appropriate concern from the public. There are so many systems in place to protect our information, yet hacks keep happening. This leads to the question: is data protection even possible? Is cybersecurity ultimately a waste of time when compared with the vast and dogged threats online? The answer is mixed.

The Question Lies with Health Care Providers
With the number of records breached in 2015 totaling over 112 million, health care hacking has reached almost epidemic levels, and this number can only be expected to grow in subsequent years. The Anthem incident alone resulted in the breach of 78 million records, and the NHS hack crippled vital health care systems. Hackers are growing savvy as to how the systems work, and fines and policy adjustments are proving to be insufficient in deterring cybercriminals from going after health care records.

Health care providers will need to adapt to several threats to prevent breaches, such as thoroughly training staff to counteract cybercriminal strategies and to prevent common mistakes of human error. It must be clear poor cybersecurity in the sector is not only a financial risk, but also a public health risk, and penalties need to reflect this fact. Medical devices will need to have their own set of standards and operate on closed systems to prevent further intrusions.

Health care providers will need time to implement changes, but only if they act immediately will the future of health care data be secure. Otherwise, it is quite possible criminals will be always one step ahead without having to put in too much effort.

On Your End, You Can Protect Yourself
From your home computer, you can certainly protect your health information. While the easiest solution is to simply not input health records into your computer whatsoever, that would be unrealistic for millions of people who have busy lives and need to be able to move quickly.

Standard firewalls and security software will keep out most hackers. Additionally, proper security procedures will ensure cybercriminals pick a far easier target. While health information is valuable, a single person’s set of data isn’t worth the opportunity cost to most hackers. The goal of this strategy is often simple deterrence. For those seeking extra safety, encrypting specific files and improving protections and verification measures on a home or business WiFi network will also help. Since social engineering is behind a great deal of attacks, as mentioned above, studying these tactics and knowing how to spot them will also keep the data holder stay safe from most threats.

Mobile Is Where the Threat Lies
For the average person, their smartphone or laptop is likely where their health data will be stolen. Many people use health apps and will access their health records (or similar data) online while outside of their homes. Sometimes they’ll do it without even thinking about it, setting apps or services to enter health data automatically.

This can place the data at risk through the use of sniffer programs, and while Virtual Private Networks and proxies are generally a good solution for this, many people aren’t using them currently. These attacks often happen almost automatically and without the immediate knowledge of the user, only revealing themselves after insurance fraud or identity theft occurs.
Additionally, there is a strong chance apps don’t have the best security. Some may even be scams or collect information as a matter of course, making a profit from collected data as opposed to charging for the app. Users should be aware of app permissions and consider avoiding intrusive programs.

As it stands, it is possible to protect health data, but only if governments, health care providers and individuals view it as a top priority and take the necessary steps to demonstrate this. The situation will likely change over the coming years (online threats are very much moving targets), but the need for protection will remain the same. Patients and professionals alike will need to remain vigilant to stay ahead, but the cost of not doing so is far too severe to consider.

About the Author: Sandra O'Hare is a blogger and writer who focuses primarily on cybersecurity and other types of tech issues. She knows the importance of health information and hopes governments and large organizations realize the vital need for strong cybersecurity measures before it’s too late.

 

« Snapchat Map Raises Child Safety Concern
Petya’s Ransomware Attacks Have Failed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

Ambersail

Ambersail

Ambersail provide Penetration Testing and Cyber Security Compliance services.

Brainwave GRC

Brainwave GRC

Brainwave GRC is a leading European software provider focused on Identity Analytics and intelligence to strengthen IT security and compliance.

Ceerus

Ceerus

Ceerus was created to simplify the process of deploying and managing security across all the channels in an organisation.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

National Cybersecurity Hub South Africa

National Cybersecurity Hub South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

Exterro

Exterro

Exterro is a leading provider of e-discovery and information governance software specifically designed for in-house legal, privacy and IT teams at Global 2000 and Am Law 200 organizations.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Trenton Systems

Trenton Systems

Trenton Systems are committed to providing high-performance computing solutions to customers running mission-critical applications in harsh settings worldwide and across various industries.

Primary Guard

Primary Guard

Primary Guard provides IT solutions and computing technologies that help minimize impact from cyber threats, improve business efficiency and maintain essential functions during or after a disaster.

OccamSec

OccamSec

OccamSec is a leading provider in the world of cybersecurity. We provide accurate, actionable information to reduce risk and enable better informed decisions.

KBE Information Security

KBE Information Security

KBE is a global consulting firm, with offices in Toronto and Milan, which specializes in the area of IT and information security with over 20 years of experience.