By Milica D. Djekic
Anyone using emerging technologies would more or less deal with the data. Data are everywhere around us and what’s important to know – we should care about their security. So, what are the data? Data could get assumed as content that could be somehow known to the user. Many experts would agree that content we are familiar with could get called data and – on the other hand, something being new to us is the information. Sooner or later – any content would get known to us – so, we would realize that we deal with the data and not that common with the information.
The quite significant thing to take into consideration is data security. Why that matters? First, in this digital age, any content would have its monetary value – so, many malicious actors could try to sell some data being obtained through the hacker’s activities on the black market. For instance, it’s well known that the financial institutions are so usual target to the cybercrime organizations because their resources got quite a good price anywhere.
On the other hand, many financial organizations would get aware of the threat and they would invest a lot of time and money in order to prevent data theft. Also, no bank would be happy to share their clients’ confidential information with anyone for a reason that could affect their reputation.
If your reputation goes low, people would less trust you and you would lose your clients for a while. This is especially risky for business continuity, because if the hackers find a way to exploit your weaknesses – they could cause your business collapses. The similar situation is in the medical sector where staff would deal with poor IT skills and usually not follow the good cyber defense practice.
In other words, the healthcare organizations would get the easy catch to cybercriminals who would slightly obtain the sensitive data and sell them for 10 to 20 times better price in comparison with the bank’s details on the black market. The role of this article is to provide a comprehensive insight into the security of healthcare data and try to explain why those data are so appreciated worldwide.
Just try to imagine someone’s medical record and all the useful information about the patient, the history of his medical conditions and the applied healthcare treatments being provided into that sort of data record.
You would agree that no one would want to share such private information with the untrusted actors and everyone would vote for the best possible protection of those details. Also, you should get aware that such a comprehensive document would get so attractive to the black market which members would get ready to offer the good amounts of money in order to get in a possession of that valuable information. The modern healthcare applications would commonly be the cloud-based ones and you would normally need to know someone’s account username and password in order to make access to that IT environment.
In addition, those sorts of systems could get correlated with so many advantages such are a convenience, flexibility, user-friendly surrounding and so intuitive asset, but – on the other hand – these solutions would deal with the quite weak security. Maybe that’s the price we are supposed to pay in order to make a progress in our historical development – so, usability would always make people choose one technology over another and sooner and later – they would realize that the security is something that would dictate the new trends and tendencies. Some people would say that the sophistication is the ultimate requirement, but we would only add – that’s accurate only if it copes well with the defense.
In our opinion, one of the biggest challenges to the healthcare IT systems could be access control. Also, what we can recognize as a concern is the part of the world with a higher level of corruption within its societies. That’s important for a reason that so many medical professionals would get created the account with some healthcare IT application and they could sell their login details to some criminal organizations. In some cases, those healthcare professionals could act as the insider’s threats attempting to make harm to their employers.
Also, as it’s well known – many organizations would follow the best security practice and issue the instruction to their staff to periodically change the passwords coping with the well-defined defense procedure. In such a case, those insider’s threats could serve as permanent collaborators to the black market, because they could release the confidential information, say, every 3 months and also contribute as medical advisors to those organized crime or terrorist groups. In other words, it’s not the rare case that in the lower-budget level counties – doctors would sell all they know in order to obtain some sort of financial advantage. Finally, we would like to discuss why any way of good access control is so important to those cloud-based medical applications.
First, the access control is getting the must within so many commercial IT solutions and we expect that would get the case with the software dealing with the medical records. Also, the tendencies would suggest that so many IT industry leaders would propose the e-mail and SMS verification as a way of obtaining reliable access control. In both cases – the absolute security is not promised, but let’s says at this stage of our technological development – but, also – it’s quite satisfactory if we talk about today’s security demands.
Finally, it’s important to mention that the medical records are so sensitive and quite expensive resources and any sort of crime being linked with them could be so critical to some organization and potentially country. In other words, many governmental agencies worldwide would recognize the medical sector as critical infrastructure and invest a lot of effort in order to protect that strategically important information. Also, it’s good to know that the modern healthcare IT assets are still the easy target to the cyber underground, so in such a way – it’s good to raise awareness about the possible complications that can occur if such an infrastructure gets hacked.
About the Author
Milica is a frequent contributor to Cyber Defense Magazine and well-respected cybersecurity professional. Since Milica Djekic graduated at the Department of Control Engineering at University of Belgrade, Serbia, she’s been an engineer with a passion for cryptography, cybersecurity, and wireless systems. Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications and. She writes for American and Asia-Pacific security magazines. She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.