Is It Really Possible to Protect Your Health Data?

Uploaded on 2017-07-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The recent WannaCry attack on the British NHS attack was proof to the world that many of the fears around hacking and cybercrime are true. It reiterated the importance of data security, especially in health care fields, and it proved once more (there have been thousands of attacks on health care companies in the past) that there is a target on the backs of patients. Additionally, it demonstrated the absolute vulnerability of the current health care system and that data, even when protected by law, can be stolen and used against anyone.

This leads to appropriate concern from the public. There are so many systems in place to protect our information, yet hacks keep happening. This leads to the question: is data protection even possible? Is cybersecurity ultimately a waste of time when compared with the vast and dogged threats online? The answer is mixed.

The Question Lies with Health Care Providers
With the number of records breached in 2015 totaling over 112 million, health care hacking has reached almost epidemic levels, and this number can only be expected to grow in subsequent years. The Anthem incident alone resulted in the breach of 78 million records, and the NHS hack crippled vital health care systems. Hackers are growing savvy as to how the systems work, and fines and policy adjustments are proving to be insufficient in deterring cybercriminals from going after health care records.

Health care providers will need to adapt to several threats to prevent breaches, such as thoroughly training staff to counteract cybercriminal strategies and to prevent common mistakes of human error. It must be clear poor cybersecurity in the sector is not only a financial risk, but also a public health risk, and penalties need to reflect this fact. Medical devices will need to have their own set of standards and operate on closed systems to prevent further intrusions.

Health care providers will need time to implement changes, but only if they act immediately will the future of health care data be secure. Otherwise, it is quite possible criminals will be always one step ahead without having to put in too much effort.

On Your End, You Can Protect Yourself
From your home computer, you can certainly protect your health information. While the easiest solution is to simply not input health records into your computer whatsoever, that would be unrealistic for millions of people who have busy lives and need to be able to move quickly.

Standard firewalls and security software will keep out most hackers. Additionally, proper security procedures will ensure cybercriminals pick a far easier target. While health information is valuable, a single person’s set of data isn’t worth the opportunity cost to most hackers. The goal of this strategy is often simple deterrence. For those seeking extra safety, encrypting specific files and improving protections and verification measures on a home or business WiFi network will also help. Since social engineering is behind a great deal of attacks, as mentioned above, studying these tactics and knowing how to spot them will also keep the data holder stay safe from most threats.

Mobile Is Where the Threat Lies
For the average person, their smartphone or laptop is likely where their health data will be stolen. Many people use health apps and will access their health records (or similar data) online while outside of their homes. Sometimes they’ll do it without even thinking about it, setting apps or services to enter health data automatically.

This can place the data at risk through the use of sniffer programs, and while Virtual Private Networks and proxies are generally a good solution for this, many people aren’t using them currently. These attacks often happen almost automatically and without the immediate knowledge of the user, only revealing themselves after insurance fraud or identity theft occurs.
Additionally, there is a strong chance apps don’t have the best security. Some may even be scams or collect information as a matter of course, making a profit from collected data as opposed to charging for the app. Users should be aware of app permissions and consider avoiding intrusive programs.

As it stands, it is possible to protect health data, but only if governments, health care providers and individuals view it as a top priority and take the necessary steps to demonstrate this. The situation will likely change over the coming years (online threats are very much moving targets), but the need for protection will remain the same. Patients and professionals alike will need to remain vigilant to stay ahead, but the cost of not doing so is far too severe to consider.

About the Author: Sandra O'Hare is a blogger and writer who focuses primarily on cybersecurity and other types of tech issues. She knows the importance of health information and hopes governments and large organizations realize the vital need for strong cybersecurity measures before it’s too late.

 

« Snapchat Map Raises Child Safety Concern
Petya’s Ransomware Attacks Have Failed »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

Get Indemnity

Get Indemnity

Get Indemnity are specialist insurance brokers with experience working on a wide range of innovative business insurance products that combine risk management, indemnity and incident response services.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Digital Catapult

Digital Catapult

Digital Catapult is the UK authority on advanced digital technology. We bring out the best in business by accelerating new possibilities with advanced digital technologies.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

Red Alpha Cybersecurity

Red Alpha Cybersecurity

At Red Alpha, we specialize in recruiting and rigorously training individuals passionate about cybersecurity.

Attaxion

Attaxion

Attaxion is an External Attack Surface Management (EASM) Platform. We offer attack surface management solutions with #1 asset coverage and laser-focused, actionable intelligence.

Bonfy.AI

Bonfy.AI

Bonfy.AI prevents incidents in the use and communication of AI and human generated content, providing visibility and proactive risk mitigation of confidentiality, privacy, and compliance.