Cyber Criminals Thrive as the Pandemic Torments Healthcare
Health data has high value and a need for privacy protections, and the current pandemic has seen an increase in cyber attacks on health data repositories and systems. From the World Health Organisation to the European Union’s supercomputers conducting COVID-19 research, hackers have been attacking health technology systems at heightened levels. At the same time, new health data vulnerabilities are being introduced as an unintended byproduct of efforts to contain the virus. New approaches to secure data management, some of them leveraging distributed ledger technology, hold promise for addressing cyber vulnerabilities.
Despite controversies associated with surveillance technology, public health officials around the world are using contact tracing in attempt to flatten the curve. Issues around the security of contact data, and the governance of personal information in a public health crisis, have not been adequately addressed. How can we balance between society’s needs for safe containment of contagion, and the personal right to privacy and data security?
Frank Ricotta, the CEO of BurstIQ, is on the cutting edge of the distributed ledger technology focusing on managing sensitive data in the health sector. “We are 100% focused on the health space particularly around health data. We felt there is this whole new economy emerging around health particularly around a person and all these smart devices and AI and precision medicine” he shared in a recent webinar hosted by University of Oxford’s new Oxford Cyber Security for Business Leaders programme.
New permutations of ethical and epidemiological challenges are arising. For example, Ricotta mentioned the issuance of the so-called “Immunity Pass”, given to those who have recovered from COVID-19 and theoretically are resistant to reinfection. It’s a solution now advocated by Governments and generating possible uptake by major airlines, but one whose science remains to be proven at scale.
“Health data is still the most valuable data on the planet” Frank Ricotta, CEO of BurstIQ states, “I'd like to say that we [BurstIQ] build immutable health profiles of people, places and things and encourage transactions between them all using the power of blockchain”
“Cyber security is a constant threat...health tech companies...must implement change quickly” Caroline Hargrove, CTO Babylon Health
The connectedness of medical devices has revolutionised healthcare by enabling physicians to access and share health data with other healthcare providers. However, as soon as a medical device is connected to a network, it becomes a target to cyber criminals. INTERPOL recently announced that cyber criminals have been locking hospitals out of their critical systems during the pandemic in ransomware attacks, thus preventing healthcare workers from providing swift medical response to their patients that could directly lead to deaths.Dr Caroline Hargrove, the CTO of Babylon, the digital health specialist, tells us that “Cyber security is a constant threat, but particularly in this time of pandemic where health tech companies are under a lot of pressure and must implement change quickly, the risk of security vulnerabilities is increased”.
With more than 41.4 million patient records breached by 572 healthcare data breaches in 2019 according to the latest Protenus Breach Barometer, we inevitably ask who is responsible for cyber security within an organisation. Dr Hargrove explains “This is definitely a senior leadership responsibility. Ideally, an organisation has a role of Chief Information Security Officer (CISO), reporting to the COO, CTO or CEO. This person should coordinate all the activities related to securing the information in a company, including cyber-security".
Health organisations would benefit from greater cyber awareness and cyber literacy. They can both better secure the sensitive patient data they hold, and also unlock new methods of addressing public health in a more effective fashion, when they explore the cyber future.
The Oxford Cyber Security for Business Leaders programme prepares business leaders, from all industries to develop holistic, company-wide, customer-centric, strategies around cyber security.