Health data breaches has been on the increase for some years now and 2015 was a record year with more than 1 out of 3 Americans having their data compromised. However, as people in the law enforcement and companies offering data security solutions witness 2016 may still break new records and what is worse it seems the targets have shifted towards SME´s handling healthcare data in any form.
Ebba Blitz, CEO of Alertsec Inc, Leesburg, VA, explains that large corporations have had laptop encryption as a default security measure for at least 10-15 years. As threats are trickling down to SMEs there is a huge increase in demand for security solutions for smaller entities. Such as health clinics, dental practices, health insurance broker. Anyone who handles health data is at risk for theft.
“Back in the days if a laptop was stolen it was the hardware that was of interest, now the information stored in laptop is the primary goal”
For many digital health startups for example, the focus may be on data privacy but security is overlooked, because there is this notion that you will fly under the “radar” for criminals. According to Mrs Blitz Privacy and Security go hand in hand, they are different sides of the coin. She mentions the huge risk SME´s take by overlooking appropriate security measures. Brian Krebs, former reporter at The Washington Post has stated that within 18 months 60% SME are out of business after a data breach because of the time and effort to clean up. This is time lost not selling, also lawsuits, fines and loss of trust from clients takes their toll.
There is an additional dimension to the security issues. With wearables collecting health data, and the IOT expected to contribute to the next revolution in digital health, this means that there will be more data from more sources. However, some like Mrs Blitz warns that with this fantastic capacity that IOT and smart homes will bring for personal health there is a sinister side. She warns that most devices have limited or no security and that these devices are opening up new entry points to your personal data. She asks rhetorically; who owns that health data, who has access to it legally, who would like to have it illegally and who is protecting that health data now. Where there is a problem there will be solutions.
