According to recent figures, 1 in 8 people have suffered a healthcare data breach.
This is very worrying as healthcare data can be very private and sensitive information, and it can also be a goldmine for cyber-criminals.
Coming off the back of Friday’s monumental ransomware attack, which hit almost one hundred countries around the world and brought the NHS almost to a standstill, this is very worrying news.
What data is breached?
According to a survey reported by ComputerWeekly, 1 in 8 people in England alone have had their private information stolen from systems that lack cyber-security. 1 in 4 had their National Insurance numbers compromised, and 18% saw their biometric identifiers compromised. Biometric identifiers are distinctive, measurable characteristics that are used to label and describe an individual; examples include fingerprints, face recognition and DNA.
82% of the victims believed that the stolen data was used in further fraudulent activity.
DPA principles
Of the thousand people surveyed, 78% believe healthcare providers should be responsible for protecting this kind of information. This is supported by the Data Protection Act (DPA). It states that data controllers are responsible for doing so, and for making sure that the information they hold is:
- Used fairly and lawfully;
- Used for limited, specifically stated purposes;
- Used in a way that is adequate, relevant and not excessive;
- Accurate;
- Kept for no longer than is absolutely necessary;
- Handled according to people’s data protection rights;
- Kept safe and secure;
- Not transferred outside the European Economic Area without adequate protection.
These are referred to as the Data Protection Principles.
Whose responsibility is it?
40% of the 1,000 people surveyed believe that they have the responsibility to keep their data safe. However, how is it possible to keep your healthcare data safe when it’s not in your possession? If you’ve been to see your GP or have had a hospital visit in the past, healthcare organisations will hold data about you – whether you like it or not.
Accenture survey
A survey conducted by Accenture in 7 countries showed that 56% of the data breaches in England concerned medical identity theft. Of the 7,580 people surveyed, many people who were victims of a breach lost £172 on average.
According to the findings in Accenture’s survey, 35% of the respondents claimed that a breach happened at a pharmacy, where security was perceived to be the weakest. In second place, 29% of the respondents blamed breaches on a hospital, while 21% blamed an urgent care clinic and 19% blamed a GP surgery.
Accenture’s UK health managing director, Aimie Chapple, warned that
“…patients must remain more vigilant than ever in keeping track of personal information, including credit card statements and health records, which could alert them to breaches.”
Though this is true, there should be a greater emphasis on healthcare organisations protecting our personal data. Ms Chapple acknowledges this by stating:
“Similarly, health organisations must monitor patient information more carefully and remain transparent with those affected in the event of a breach to swiftly resolve the issue without losing consumers to competitors.”
The main focus shouldn’t be on whether the organisation will lose consumers to competitors as a result of a breach; it should be on making sure that they’re not breaching their consumers’ data and privacy rights.
Can you trust healthcare providers with your data?
Even after these shocking figures, most people still trust healthcare providers with their data: 84%, in fact! Ms Chapple’s statement should be drilled into organisations:
“…the time to assure consumers that their personal data is in secure, capable hands is now.”
Sources:
http://www.computerweekly.com/news/450417274/One-in-eight-people-have-suffered-a-healthcare-data-breach
http://www.independent.co.uk/news/business/news/healthcare-is-now-top-industry-for-cyberattacks-says-ibm-a6994526.html