Data Security Challenges in Health Technology

Dealing with medical data is a very delicate process, and the consequences of error are potentially very severe. There is nothing more valuable than our health, and that should underpin everything we do. I see huge potential for disruption in the medical sector based on various innovations in technology, and that made me want to move out of fintech to focus on these new and exciting challenges.

Financial institutions have been the pioneers in compliance practices, which have helped to reduce the potential risks to individuals in cases of major data leaks. These practices include, but are not limited to, anti-fraud technologies and practical insurance policies. Financial data leaks are serious, but it is just money; health data leaks can have far more serious consequences.

Healthcare data reveals very detailed information about us, and losing control over this may lead to problems in all areas of our lives. These challenges make me feel very privileged to work on healthcare data security as CTO of doctify.co.uk.

Common challenges

If you want to ensure proper data handling, make sure you don’t fall foul of these common errors:

  • Team structure
    • Inappropriate level of permission given

It’s important to carefully define roles that are required for accessing data in your organisation and clearly identify the permissions each role has on the data. Having clearly defined roles and a list of users who have certain roles makes it easy to periodically audit permissions especially when a team member leaves.

    • Lack of detailed data access audit

[easy-tweet tweet=”Individual members of the organisation are the easiest target for cyber-criminals.” hashtags=”Cyber-criminals, Cloud “]

Assuming your roles, permissions and ACL are set correctly, and it is still important to audit your data access. Your data storage solutions need to allow you to review users who are requesting excessive data, as that could be the initial sign of a breach in your organisation.

    • Poor password policy

Individual members of the organisation are the easiest target for cyber-criminals. Usually the weakest link is the use of the same password across multiple applications. As an organisation, you need to monitor quality of passwords and make sure they are not being reused. Your policy needs to enforce regular password changes.

    • Lack of U2F (Universal 2nd Factor) usage

Introducing two-factor authentication into your organisation reduces the likelihood of exploitations based on phishing attacks. With two-factor authentication, authorisation does not depend solely on passwords.

    • Poor training

Technologies keep evolving, but users have to evolve too. Make sure your team is up to date with recent threats, and that they know exactly whom to contact when they are suspicious about something.

  • Encryption
    • Lack of encryption of data stored in servers

Usually, there is a good level of protection when it comes to accessing data servers, but every organisation needs to look into solutions to minimise damage in the event of servers being compromised.

    • Unencrypted internal communications

SSL is commonly used for communication with your mail servers, but as soon as an individual machine is compromised, any attacker has plain access to the whole communication. Your company needs to encrypt emails using solutions like PGP or S/MIME

[easy-tweet tweet=”All common platforms like iOS, Android or Blackberry have very good provisioning models” hashtags=”iOS, Android”]

    • Mobile devices

The company needs a clear mobile devices policy. All common platforms like iOS, Android or Blackberry have very good provisioning models, allowing you to exercise fine control over permissions on the devices. If you do allow access to your company data through personal phones, you should ensure that this can be done only via U2F devices, but ideally, any such access should be limited. These rules apply equally to laptops.

    • Lack of encrypted backups

An institution’s backup process is usually the weakest point in regards to data security – it’s easy to implement the process wrongly.  Firstly, data needs to be encrypted, and, secondly, you need to split responsibility between two people: one person holding the key to encrypt the data, the other holding the key to decrypt the data.

  • Excessive data
    • Storing more data than needed

Organisations tend to have an appetite for storing more data than they need for their processes. It is a difficult process, but as part of your rules structure, permission and encryption, you need to be prepared for the possibility that all of the above can fail. Therefore, your last line of defence is for minimal data to be accessible at any single point. Make sure that your data is as anonymised as possible given your operational requirements.

 

+ posts

Newsletter

Related articles

Don’t lose sight of SAP on Cloud operational excellence

Digital transformation projects can often become complex with twists and turns, which can lead organisations to focus solely on the migration itself.

Need to reduce software TCO? Focus on people

Investing in software is undoubtedly important for enterprises to stay ahead. However, the process is rarely a simple task for CIOs and IT leaders.

The future of cloud and edge optimisation

As more enterprises use multi-cloud and hybrid infrastructures, the danger of cost overruns and loss of control increases.

Here is how to stage a public cloud migration

As the relationships between CSPs and cloud providers are deepening, CSPs need to develop a clear strategy on how they add value to customer relationships.

The future of work is collaborative

As hybrid work models continue to gain traction, businesses will need to start implementing collaborative tools and processes to meet the needs and expectations of the upcoming workforce, seamlessly integrating them into existing workflows to enhance productivity and performance. Innovations in technology, including AI and machine learning, mean that organisations are in a better position than ever to shape the collaborative future of work – and with the right support in place, they can ensure that these digital tools continue to bring out the best in their workforce for years to come.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our Newsletter