Is It Really Possible to Protect Your Health Data?

Uploaded on 2017-07-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The recent WannaCry attack on the British NHS attack was proof to the world that many of the fears around hacking and cybercrime are true. It reiterated the importance of data security, especially in health care fields, and it proved once more (there have been thousands of attacks on health care companies in the past) that there is a target on the backs of patients. Additionally, it demonstrated the absolute vulnerability of the current health care system and that data, even when protected by law, can be stolen and used against anyone.

This leads to appropriate concern from the public. There are so many systems in place to protect our information, yet hacks keep happening. This leads to the question: is data protection even possible? Is cybersecurity ultimately a waste of time when compared with the vast and dogged threats online? The answer is mixed.

The Question Lies with Health Care Providers
With the number of records breached in 2015 totaling over 112 million, health care hacking has reached almost epidemic levels, and this number can only be expected to grow in subsequent years. The Anthem incident alone resulted in the breach of 78 million records, and the NHS hack crippled vital health care systems. Hackers are growing savvy as to how the systems work, and fines and policy adjustments are proving to be insufficient in deterring cybercriminals from going after health care records.

Health care providers will need to adapt to several threats to prevent breaches, such as thoroughly training staff to counteract cybercriminal strategies and to prevent common mistakes of human error. It must be clear poor cybersecurity in the sector is not only a financial risk, but also a public health risk, and penalties need to reflect this fact. Medical devices will need to have their own set of standards and operate on closed systems to prevent further intrusions.

Health care providers will need time to implement changes, but only if they act immediately will the future of health care data be secure. Otherwise, it is quite possible criminals will be always one step ahead without having to put in too much effort.

On Your End, You Can Protect Yourself
From your home computer, you can certainly protect your health information. While the easiest solution is to simply not input health records into your computer whatsoever, that would be unrealistic for millions of people who have busy lives and need to be able to move quickly.

Standard firewalls and security software will keep out most hackers. Additionally, proper security procedures will ensure cybercriminals pick a far easier target. While health information is valuable, a single person’s set of data isn’t worth the opportunity cost to most hackers. The goal of this strategy is often simple deterrence. For those seeking extra safety, encrypting specific files and improving protections and verification measures on a home or business WiFi network will also help. Since social engineering is behind a great deal of attacks, as mentioned above, studying these tactics and knowing how to spot them will also keep the data holder stay safe from most threats.

Mobile Is Where the Threat Lies
For the average person, their smartphone or laptop is likely where their health data will be stolen. Many people use health apps and will access their health records (or similar data) online while outside of their homes. Sometimes they’ll do it without even thinking about it, setting apps or services to enter health data automatically.

This can place the data at risk through the use of sniffer programs, and while Virtual Private Networks and proxies are generally a good solution for this, many people aren’t using them currently. These attacks often happen almost automatically and without the immediate knowledge of the user, only revealing themselves after insurance fraud or identity theft occurs.
Additionally, there is a strong chance apps don’t have the best security. Some may even be scams or collect information as a matter of course, making a profit from collected data as opposed to charging for the app. Users should be aware of app permissions and consider avoiding intrusive programs.

As it stands, it is possible to protect health data, but only if governments, health care providers and individuals view it as a top priority and take the necessary steps to demonstrate this. The situation will likely change over the coming years (online threats are very much moving targets), but the need for protection will remain the same. Patients and professionals alike will need to remain vigilant to stay ahead, but the cost of not doing so is far too severe to consider.

About the Author: Sandra O'Hare is a blogger and writer who focuses primarily on cybersecurity and other types of tech issues. She knows the importance of health information and hopes governments and large organizations realize the vital need for strong cybersecurity measures before it’s too late.

 

« Snapchat Map Raises Child Safety Concern
Petya’s Ransomware Attacks Have Failed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Veeam

Veeam

Veeam is the leader in intelligent data management for the Hyper-Available Enterprise.

Secure Source

Secure Source

Secure Source specialise in search and recruitment for Cyber Security and Security Cleared markets.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

Cytek

Cytek

Cytek is a leading provider of cybersecurity and HIPAA compliance for dental practices and other industries.

AVANT Communications

AVANT Communications

AVANT is a premier distributor of next generation technologies with the resources and relationships needed to successfully navigate the ever-changing world of communications and IT infrastructure.

FutureRange

FutureRange

Specialising in IT Managed Services, Cybersecurity and Digital Transformation, FutureRange experts provide professional IT services for clients throughout Ireland and beyond.