Last year’s Heartbleed data breach exposed one of the latest dangers of living in a digitized world. With the entire healthcare system becoming increasingly reliant upon digital organizational systems, a patient’s most private information — prescriptions, records, communications, you name it — is vulnerable to hacks. While doctor-patient confidentiality and HIPAA legislation aim to keep your information from falling into the wrong hands, the rise of the Internet of Things and improved Internet connectivity across the board allows for data to spread through new and unpredictable digital channels.
Illegally obtained medical records promise huge sums of money on the black market, more so than customer or banking information, or even risque photos of famous celebrities. Certain kinds of personal information are very valuable for those wanting to pose as someone else in order to obtain medical care. And although there are dozens of cybersecurity-related legislative proposals before Congress, and some amendments have been made to certain pre-existing legislation, there is still much work to be done to safeguard patients against future health care data scandals.
The Heartbleed “mishap” incited a wave of widespread privacy and identity-theft panic from those within the healthcare sector, as well as from other professionals who were later held culpable for the dataleaks. It has become glaringly obvious that thousands of servers are vulnerable to attacks from outside intruders, and it’s also clear that unsophisticated Secured Sockets Layer (SSL) certificates are, perhaps, not as safe as experts believed (and vastly inferior to CryptoComply modules).
The real question, then, is what can healthcare companies and individuals do to safeguard themselves against similar hacking attacks in the future? Some are confident that newly drafted legislation like FedRAMP, and amendments made to pre-existing laws, might be helpful towards that end. Ideally, the FedRAMP regulations will adequately address common security concerns, such as multi-tenancy and shared resource pooling, and provide a standard set of regulations that would ensure secure cloud usage in the Healthcare industry.
Whether FedRAMP or the amendments made to HIPAA will work adequately to keep patients safer remains to be seen. Devices are emerging that have the ability to record DNA, heartbeat patterns, and a myriad of similar unchangeable aspects from our very person. Instead of solely responding to current issues and security breaches, startups and tech industries need to begin having the conversation now regarding exactly how users will be protected from technology that won’t arrive for another decade.
In terms of current devices, much of the concern surrounds increasingly automated networks connected to the “IoT” or “Internet of Things.” Its deployment in other industries, such as home security and home automation, suggest that it will be a powerful force as the healthcare industry re calibrates itself to adjust to new digital technologies.
Rohit Sethi, vice president of security firm Security Compass said, “Maybe down the road our heartbeat, for example, becomes the main way we prove our identities. And if we didn’t protect it 10 years ago, we don’t have a way of correcting it. So we have to treat it as serious now because we can’t predict the future.”
Sethi has a point, perhaps even a frightening one. Sethi cites startups (the companies creating the latest apps and storage systems) as a particularly worrisome area. While established companies have spent years understanding security breaches, startups and young, motivated techies are concerned about the innovation of the product first, and user security after.
Sethi predicted that, unless strong regulations are implemented and upheld, everything from medical information to our DNA fingerprints could all become subject to theft and misuse. “You can get a credit card reissued” Sethi said. “But you can’t reset your heartbeat or your DNA.”
Technological devices play a crucial role in the diagnosis and treatment of many patients, but they not the panacea many tech innovators might hope for. Ultimately, new technology poses as many problems as it solves, as healthcare providers and physicians attempt to keep up while maintaining a high level of patient care.