The digitization of healthcare presents a challenge in protecting personal health data. Here’s what can be done.
Digital is the way of the future for healthcare. Technology that allows patients to be connected at any time to world-class medical professionals is already upon us. Wearables that collect and share data about your activity, nutrition, and your body in general can aid in preventative care and lower overall healthcare costs.
The digital revolution taking place in healthcare could extend lives and provide more efficient health management.
But this also means endless amounts of personal data ending up in the cloud or on servers at medical centers, where it is vulnerable to bad actors.
What Could Happen?
Many wonder what the big deal is if the security of medical records is compromised. If word got out about that fungal infection in your toenails, it might be slightly embarrassing but not the end of the world. However, there are far bigger concerns surrounding our medical records.
Medical records are popular items on the Dark Web, where they’re purchased in bulk. These records contain vital information, including social security numbers, birthdates, addresses, family history, insurance information, medication, income tax information, and much more.
All of this is information that can potentially be used to guess account security questions, set up fraudulent accounts, and commit insurance or medication fraud. As if that wasn’t bad enough, information gathered concerning plastic surgery, previous mental or behavioral health issues, or past substance abuse problems could be used as blackmail.
The Threat Is Real
Electronic Health Records (EHRs) are already commonplace in the world of healthcare, and digitization is only moving forward. These records contain personal information that is, by nature, meant to be shared with the right people, which makes it vulnerable at several points.
In the first half of 2017 alone, $3.5 billion was invested in a total of 188 digital health companies. On top of that, wearable devices that record and share biometrics are becoming increasingly popular. Simply put, more data concerning our health and other private information is susceptible to hackers.
Furthermore, this data is often not adequately protected. A 2016 study by Ponemon Institute, an independent privacy research company, concluded, “Eighty-nine percent of healthcare organizations had at least one data breach involving the loss or theft of patient data in the past 24 months.” Clearly something has to be done.
The easiest way to start keeping health data safe is the same way data is protected in any other industry: by establishing a culture of security. Risk assessments that include an evaluation of the data, devices, and systems that need protection help create such a culture. Identifying what is at greatest risk is a vital part of developing a security plan. Making sure all team members buy in to the company’s vision of securing data is also essential.
Typically, healthcare companies are not equipped to handle their own security, so they enlist the help of companies like Virta Labs, a cyber security business that specializes in protecting health data and provides software to help businesses monitor threats and assess security.
Early anomaly detection is another way to be proactive about keeping health data secure, and advances in machine learning have made it even more effective. The India-based Gurucul has developed a User and Entity Behavior Analytics (UEBA) program that detects anomalous behavior such as abnormal spikes in activity or aberrant patterns of transaction, allowing for early intervention to secure data.
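The "abnormal spikes in activity" idea can be illustrated with a per-user baseline check. The following is an added example, not Gurucul's code or part of the original article; the user names, counts, and function names are constructed for illustration, and the 3.5 cutoff is a common convention for the modified z-score, assumed here.

```python
from statistics import median

# Constructed sample: distinct patient records opened per user per day.
BASELINE = {
    "nurse_a": [22, 25, 19, 24, 23, 21, 26],
    "clerk_b": [40, 38, 42, 41, 39, 40, 43],
    "kiosk_c": [5, 5, 5, 5, 5, 5, 5],   # constant baseline, MAD is 0
}
TODAY = {"nurse_a": 27, "clerk_b": 310, "kiosk_c": 6, "temp_d": 60}


def robust_score(history, value):
    """Modified z-score: distance from the user's own median, scaled by the
    median absolute deviation (MAD). Unlike mean/stddev, one earlier spike
    in the history does not inflate the baseline and hide the next one."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # A perfectly constant baseline gives MAD == 0; fall back to a scale of
    # one record so the score stays finite instead of dividing by zero.
    scale = mad if mad > 0 else 1.0
    return 0.6745 * (value - med) / scale


def triage(baseline, today, threshold=3.5, min_days=5):
    """Return {user: verdict} where verdict is 'ok', 'spike' or 'no_baseline'.
    Only upward deviations are flagged, since the concern is bulk access."""
    verdicts = {}
    for user, count in today.items():
        history = baseline.get(user, [])
        if len(history) < min_days:
            # New or rarely seen accounts cannot be scored against themselves;
            # surface them separately rather than silently passing them.
            verdicts[user] = "no_baseline"
        elif robust_score(history, count) > threshold:
            verdicts[user] = "spike"
        else:
            verdicts[user] = "ok"
    return verdicts


if __name__ == "__main__":
    for user, verdict in triage(BASELINE, TODAY).items():
        print(f"{user:8s} today={TODAY[user]:4d} -> {verdict}")
```

Accounts reported as no_baseline are the ones a reviewer would compare against a peer group (same role or department) instead of their own history.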
Protecting the Cloud
As previously stated, health data needs to be shared and accessible to many different parties. While this leaves the information open to attacks by third-party intruders, encryption helps keep it safe. Encrypted data, even if stolen, is not worth the effort in many cases.
Encryption refers to the use of encrypted emails and channels of communication, as well as digital signatures, to share private information. Bitglass is a company that offers those working in healthcare ways to protect information on digital devices and in the cloud from data theft and spyware. It’s important that when data is encrypted it is not done in any discernible pattern; otherwise the algorithm can be cracked and all or part of someone’s health data can be breached.
The Health Insurance Portability and Accountability Act (HIPAA) values encryption so highly that encrypted data that was accessed by hackers is not considered stolen. HIPAA states that encrypted data poses no real legal threat to the victims and labels the crime merely a “security breach.”
Despite their best efforts, many companies will still end up having their security bypassed. As a result, businesses must have a disaster recovery plan in their security plan and regularly review their policies and procedures.
Companies looking to shore up their cybersecurity often turn to Virtual Machine software (VMware). VMware offers two distinct solutions to security issues—it creates virtual desktops that can either create a decoy when a cyberattack is detected or create multiple backups of data which can be retrieved following the attack.
The ability to retrieve data after an attack is especially useful considering the proliferation of ransomware. In the case of ransomware attacks, the attacker gains access to a server, then encrypts it with his or her own key. Victims of the attack are forced to pay a ransom if they want to regain access to their data. Having data backed up on VMware eliminates this threat.
The future of digitized healthcare holds many promises. It enables doctors and their patients to keep better track of their health, makes healthcare available to more people at more times, and increases the likelihood of early detection of diseases. The counterbalance is the security risks it creates for personal data. However, as healthcare companies begin to universally adopt some of the aforementioned solutions, and security technology advances, such risks can be greatly decreased.