View from Peter Lancos, CEO
"Welcome to another edition of eXate's Global Data Diaries series, a fortnightly blog series that aims to bring you the latest news, tips and insights from the world of data and data privacy. This week, we discuss why data security should be a top priority for the healthcare industry.
The healthcare industry is very susceptible to data breaches in today’s all-pervasive digital world. These can be caused by many different types of incidents, including credential-stealing malware, an insider who either purposefully or accidentally discloses patient data, or lost laptops or other devices.
Current research suggests that Personal Health Information (PHI) is more valuable than Personally Identifiable Information (PII) to adversaries, therefore offering much higher incentive to the black market when healthcare institutions are targeted for data-related attacks. Some reasons PHI is probably more valuable than PII are:
Criminals can use it to target victims with frauds and scams that take advantage of the victim’s medical conditions or victim settlements
It can also be used to create fake insurance claims, allowing for the purchase and resale of medical equipment
Some criminals use PHI to illegally gain access to prescriptions for their own use or resale
Data breaches in the healthcare industry can be prevented by using the correct application and network security. Encryption is the best way to protect patient data from being accessed once someone has found their way onto healthcare systems. Data, both at rest and in transit, needs to be encrypted to ensure maximum security. It is also important that third parties and vendors who have access to healthcare databases properly handle PHI. Additionally, the Federal HIPAA Security Rule requires health service providers to protect electronic health records (EHR) using proper physical and electronic safeguards to ensure the safety of health information."
Data Breaches: In the Healthcare Sector
Breaches are widely observed in the healthcare sector. These can be caused by many different types of incidents, including credential-stealing malware, an insider who either purposefully or accidentally discloses patient data, or lost laptops or other devices.
Privacy and Data Protection – The Year of Privacy Framework Implementation
For those involved in supporting a privacy and data protection program, continued expansion of new regulatory requirements will likely be the biggest trend in the coming year. Whether it be new laws being discussed, pending, or already in place such as those in a U.S. state or at the country or regional level – privacy experts and the organizations they support cannot escape the constant change.
Data privacy watchdog defends record on enforcing EU rules
Data Protection Commissioner Helen Dixon has defended her record on enforcing EU data privacy laws, saying Ireland needed to stand up for the regulator and the results it has achieved so far.