Advocacy organization calls for improved protection of online health data

By Molly Merrill, Associate Editor

The Cyber Secure Institute, an analysis and advocacy institute for effective cyber security, has released recommendations for safeguarding health data in the wake of recent breaches.

Last month, hackers broke into a Virginia government Web site that tracks prescription drug abuse and attempted to ransom almost 8.3 million patient records and 35.5 million prescriptions for $10 million. And last December, Lawanda Jackson pleaded guilty to violating federal privacy laws by selling private medical data from celebrities, including Britney Spears, Farrah Fawcett and Maria Shriver, to the National Enquirer tabloid.

Last October, someone hacked into Express Scripts, one of America's largest processors of pharmacy prescriptions, and threatened to release personal information of millions of Americans unless their demands were met. That investigation is ongoing.

"These recent attacks provide cause for real concern among cybersecurity experts and healthcare professionals alike. Inadequate cybersecurity systems put our most personal data at risk," said Rob Housman, executive director of the Cyber Secure Institute.

Housman said the problem "is likely to get exponentially worse – unless drastic changes are made." He recommends that any e-health system be built upon certified, secure, best-available IT technologies.

The National Security Agency has certified two technologies – the Integrity Global Security operating platform and the Tenix Interactive Link Device – as being secure against sophisticated, hostile, well-funded attacks. Only systems that are tested, proven and certified at high levels of security robustness should be trusted with the nation's private healthcare information, Housman said.

Housman also recommended any move to e-health be accompanied by a range of protections to ensure the privacy of data, including:

  • a trust fund, which could be funded by healthcare corporation user fees, that would be available to assist victims of e-health data breaches;
  • a national e-health data integrity oversight office charged with ensuring that healthcare IT systems are secure and using the best available protection, and which would investigate allegations of data breaches or data misuse;
  • and statutory protections making it clear that victims of health data breaches can recover all damages associated with e-health violations, including loss of employment, loss of insurance, harm to reputation and other similar damages.
