Healthcare, Data Privacy, Post-Roe and the role of cybersecurity

We live in a time when the depth of data we share every day is unprecedented. Technology has never been so advanced, but our lives have never been so easily exposed. The health sector remains one of the highest targeted for cybercrime. It's a particularly vulnerable one, as they possess sensitive information on people's health, finances, and more. As technology changes how healthcare is experienced, the risks surrounding data management evolve as well. 

Increasing (and concerning!) Data Breaches 

In 2021, the healthcare industry hit a record number of breaches. More than 45 million people were affected, exposing an unprecedented amount of patients' protected health information (PHI), according to a report from Critical Insights.

2022 has already registered worrying numbers and a record increase. A report by the U.S. has shown that the number of cyber attacks in the health sector this year has nearly doubled compared to the same period last year. The 94% increase in data leaks targeting hospitals raises concerns of privacy experts related to how the world will handle data protection and hospital care in the future. One example is the Yuma Breach. The medical centre in Arizona suffered a ransomware attack that resulted in the exposure of data of around 700,000 patients.

Data breaches in the health care sector are not only getting more frequent but also more expensive, surpassing all other industries. IBM's security's annual Cost of a Data Breach Report showed that a healthcare leak can reach a cost of $10M. The company analysed data from March 2021 to March 2022 to conclude that healthcare has had the highest financial cost for 12 consecutive years when it comes to cybercrime. Financial damages come with organisational and legal consequences that can last for years. To give an example, CA Health System has recently reached a $340K price to settle a class-action lawsuit over a 2020 leak. 
 

The impact of Data Privacy in a Post-Roe world 

Another recent development involving health and data privacy is Roe vs Wade. Since the U.S. Supreme Court ruled that abortion access wasn't a constitutional right, digital privacy has been on the spot or, more specifically, the use and role of technology to guarantee privacy in this scenario. Concerns include shirking surveillance to avoid both prosecution and exposure. Practices vary from using burner email addresses and coded language, deleting period tracking apps, and many other kinds of techniques to protect identities and personal information while recording or browsing specific content, such as details on when their period starts, stops, or anything that could potentially indicate the beginning or the end of a pregnancy. With the new regulations, we're talking about the kind of thing that could eventually be used to penalise women considering abortion in states where the procedure has already been banned or restricted. Nathan Wessler, the deputy project director of the Speech, Privacy and Technology Project at the American Civil Liberties Union, predicts that we're likely to see investigations into people seeking medical care in states that are banning abortion.

Many organisations are worried about the impact of it all and coming up with plans to better protect women's data when it's a matter of reproductive health. Bans or limitations on the usage of health apps affect the lives of those who are used to monthly registering their cycles using popular tracking apps such as Flo. With 43 million active users, the company claims to be working on an "anonymous mode" feature to quell post-Roe concerns. Susanne Schumacher, Data Protection Officer, states that "Flo will always stand up for the health of women, and this includes providing our users with full control over their data".

However, period tracking apps are not the only concern, when all sources of digital trails are traceable, such as text messages, browser histories, and emails, all commonly used in investigations. Shortly after the ban, Google also announced that the company would be promptly deleting users’ location history around abortion clinics.

The role of Cybersecurity 

Data Privacy is an indispensable element of the future of health. The healthcare sector is particularly affected when most countries still don't have a defined and comprehensive legal framework to determine how private entities and enterprises should protect people's data. Hospital and health care facilities can benefit from taking steps to upgrade their cybersecurity practices to better detection and response in case of attacks. In the case of such organisations, including third-party vendors that might have access to data and networks is crucial as well.  

One of the concerns is how easily websites and apps gather and keep sensitive information, especially when so many companies do not have an effective cybersecurity policy. Fellow infosec professionals worry about the misuse of such data and about the importance of guaranteeing that technology is being used to improve both patient care and safety.

We're wide aware that there's still a long way to go, but technology is an ally to building a future where data privacy is also a right.

 Take a sneak peek into what the future of protected data looks like.