Is It Really Possible to Protect Your Health Data?

Uploaded on 2017-07-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The recent WannaCry attack on the British NHS attack was proof to the world that many of the fears around hacking and cybercrime are true. It reiterated the importance of data security, especially in health care fields, and it proved once more (there have been thousands of attacks on health care companies in the past) that there is a target on the backs of patients. Additionally, it demonstrated the absolute vulnerability of the current health care system and that data, even when protected by law, can be stolen and used against anyone.

This leads to appropriate concern from the public. There are so many systems in place to protect our information, yet hacks keep happening. This leads to the question: is data protection even possible? Is cybersecurity ultimately a waste of time when compared with the vast and dogged threats online? The answer is mixed.

The Question Lies with Health Care Providers
With the number of records breached in 2015 totaling over 112 million, health care hacking has reached almost epidemic levels, and this number can only be expected to grow in subsequent years. The Anthem incident alone resulted in the breach of 78 million records, and the NHS hack crippled vital health care systems. Hackers are growing savvy as to how the systems work, and fines and policy adjustments are proving to be insufficient in deterring cybercriminals from going after health care records.

Health care providers will need to adapt to several threats to prevent breaches, such as thoroughly training staff to counteract cybercriminal strategies and to prevent common mistakes of human error. It must be clear poor cybersecurity in the sector is not only a financial risk, but also a public health risk, and penalties need to reflect this fact. Medical devices will need to have their own set of standards and operate on closed systems to prevent further intrusions.

Health care providers will need time to implement changes, but only if they act immediately will the future of health care data be secure. Otherwise, it is quite possible criminals will be always one step ahead without having to put in too much effort.

On Your End, You Can Protect Yourself
From your home computer, you can certainly protect your health information. While the easiest solution is to simply not input health records into your computer whatsoever, that would be unrealistic for millions of people who have busy lives and need to be able to move quickly.

Standard firewalls and security software will keep out most hackers. Additionally, proper security procedures will ensure cybercriminals pick a far easier target. While health information is valuable, a single person’s set of data isn’t worth the opportunity cost to most hackers. The goal of this strategy is often simple deterrence. For those seeking extra safety, encrypting specific files and improving protections and verification measures on a home or business WiFi network will also help. Since social engineering is behind a great deal of attacks, as mentioned above, studying these tactics and knowing how to spot them will also keep the data holder stay safe from most threats.

Mobile Is Where the Threat Lies
For the average person, their smartphone or laptop is likely where their health data will be stolen. Many people use health apps and will access their health records (or similar data) online while outside of their homes. Sometimes they’ll do it without even thinking about it, setting apps or services to enter health data automatically.

This can place the data at risk through the use of sniffer programs, and while Virtual Private Networks and proxies are generally a good solution for this, many people aren’t using them currently. These attacks often happen almost automatically and without the immediate knowledge of the user, only revealing themselves after insurance fraud or identity theft occurs.
Additionally, there is a strong chance apps don’t have the best security. Some may even be scams or collect information as a matter of course, making a profit from collected data as opposed to charging for the app. Users should be aware of app permissions and consider avoiding intrusive programs.

As it stands, it is possible to protect health data, but only if governments, health care providers and individuals view it as a top priority and take the necessary steps to demonstrate this. The situation will likely change over the coming years (online threats are very much moving targets), but the need for protection will remain the same. Patients and professionals alike will need to remain vigilant to stay ahead, but the cost of not doing so is far too severe to consider.

About the Author: Sandra O'Hare is a blogger and writer who focuses primarily on cybersecurity and other types of tech issues. She knows the importance of health information and hopes governments and large organizations realize the vital need for strong cybersecurity measures before it’s too late.

 

« Snapchat Map Raises Child Safety Concern
Petya’s Ransomware Attacks Have Failed »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

ISC2

ISC2

ISC2 is an international, non-profit membership association for information security leaders. Our information security certifications are recognized as the global standard for excellence.

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

idappcom

idappcom

idappcom provides unique industry approved software solutions for auditing and enhancing the threat recognition and response capabilities of your corporate security defences.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

Bright Security

Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing (DAST) solution that helps organizations ship secure applications and APIs quickly and cost-effectively.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

Lodestone

Lodestone

Lodestone partners with clients to help them mitigate business and reputational risk, through our human-based, approach to cyber security, digital forensics and incident response.

Silverse

Silverse

At Silverse, we specialize in building a comprehensive cybersecurity journey, anchored by our extensive experience, industry expertise, and an ecosystem of trusted partners.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

Scinary Cybersecurity

Scinary Cybersecurity

Scinary was founded in 2015 on the premise that cybersecurity should not be limited to just large corporations or large government entities.

Lattica

Lattica

Lattica provides a cryptography solution for privacy-preserving interaction with AI services.

Esentry

Esentry

Esentry systems is a managed security service provider with focus on continuous security monitoring, threat detection, threat analysis and cybersecurity compliance.

RevEng.AI

RevEng.AI

RevEng.AI is designed to rigorously validate the integrity of software supply chains at a binary level, ensuring uncompromising security and trustworthiness in digital ecosystems.