Why data leaks

The 6 key business requirements for protecting patient data in networked medical devices and EHR systems:

  1. Prevent leakage of ePHI (electronic protected health information) directly from the device itself, the management information system, or the hospital information system interface. Leakage can be detected and blocked at the network boundary with network DLP technology from vendors such as Websense or Fidelis Security.
  2. Ensure availability of the medical device or EHR application. When the application goes offline, it becomes easier to attack: maintenance interfaces open up, technician and super-user passwords come into play, and an attacker can copy data from backup devices or access the database directly while the device is in maintenance mode.
  3. Ensure integrity of the data stored in the networked medical device or EHR system. This is really the ABC of information security, but if you do not have a way to detect missing or manipulated records in your database, treat that as a wake-up call: if you do get hacked, you will not know about it.
  4. Ensure that a networked or mobile medical device cannot be exploited by malicious attackers to cause damage to the patient.
  5. Ensure that a networked or mobile medical device cannot be exploited by malicious attackers to cause damage to the hospital enterprise network.
  6. Ensure that data loss cannot be exploited by business partners for financial gain. The best defense against data loss is DLP (data loss prevention), because it inspects the data itself rather than relying on access control management, which a legitimately authorized partner or insider has already passed.
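Requirement 3 says you must be able to detect missing or manipulated records, not just prevent them. The following is an added example, not code from the original post or from any EHR product, showing one way to make a table tamper-evident: a keyed HMAC per row catches field manipulation, and a keyed hash chain over the rows in table order catches deletion and reordering, which a per-row tag alone cannot see. The key, the sample records, and the function names are all assumptions for illustration; the tags and chain head must be stored outside the database they protect (an append-only log or a separate integrity service), and the key must live in a KMS or HSM, otherwise an attacker with write access to the database can simply re-seal the rows.

```python
import hashlib
import hmac
import json

# Hypothetical integrity key (assumption for this example). In practice it lives
# in a KMS/HSM, never in the database it protects, so a DBA or an attacker with
# SQL access cannot recompute the seal after changing rows.
INTEGRITY_KEY = b"example-key-do-not-use-in-production"

# Constructed sample ePHI rows standing in for an EHR table (not real data).
RECORDS = [
    {"id": 101, "patient": "J. Doe", "dx": "E11.9", "note": "metformin 500mg"},
    {"id": 102, "patient": "A. Roe", "dx": "I10", "note": "lisinopril 10mg"},
    {"id": 103, "patient": "M. Poe", "dx": "J45.909", "note": "albuterol prn"},
]


def canonical(record):
    """Serialise a row deterministically so identical content always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_tag(key, record):
    """Per-row HMAC-SHA256: any change to any field changes the tag."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def chain_head(key, records, tags):
    """Keyed hash chain over (id, tag) in table order.

    A deleted or reordered row changes every link after it, so the head
    no longer matches even though each surviving row's tag is still valid.
    """
    link = hashlib.sha256(b"genesis").digest()
    for rec in records:
        material = link + str(rec["id"]).encode() + tags[rec["id"]].encode()
        link = hmac.new(key, material, hashlib.sha256).digest()
    return link.hex()


def seal_table(key, records):
    """Compute the per-row tags and chain head to store outside the database."""
    tags = {rec["id"]: record_tag(key, rec) for rec in records}
    return tags, chain_head(key, records, tags)


def verify_table(key, records, stored_tags, stored_head):
    """Compare the live table against the stored seal and report what changed."""
    current_tags = {rec["id"]: record_tag(key, rec) for rec in records}
    modified = sorted(
        rid for rid, tag in current_tags.items()
        if rid in stored_tags and not hmac.compare_digest(tag, stored_tags[rid])
    )
    missing = sorted(rid for rid in stored_tags if rid not in current_tags)
    unknown = sorted(rid for rid in current_tags if rid not in stored_tags)
    chain_ok = hmac.compare_digest(chain_head(key, records, current_tags), stored_head)
    return {"modified": modified, "missing": missing, "unknown": unknown, "chain_ok": chain_ok}


if __name__ == "__main__":
    tags, head = seal_table(INTEGRITY_KEY, RECORDS)
    print("clean:   ", verify_table(INTEGRITY_KEY, RECORDS, tags, head))

    tampered = [dict(r) for r in RECORDS]
    tampered[1]["note"] = "no medication"          # manipulated record
    print("modified:", verify_table(INTEGRITY_KEY, tampered, tags, head))

    print("deleted: ", verify_table(INTEGRITY_KEY, RECORDS[:2], tags, head))
    print("reorder: ", verify_table(INTEGRITY_KEY, list(reversed(RECORDS)), tags, head))
```

Run the verification on a schedule and on every restore from backup; a `chain_ok` of False with empty `modified` and `missing` lists means rows were reordered or an extra row was inserted, which is exactly the kind of change an access-log review will not show. Legitimate updates must re-seal through the same keyed path, so the integrity service, not the application's database user, is the only holder of the key.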

Why does data leak?

Just like theft, data is leaked or stolen because it has value; otherwise the employee or contractor would not bother. There is no impact from leakage of trivial or universally available information. Sending a weather report to a competitor by mistake obviously will not make a difference.

The financial impact of a data breach is directly proportional to the value of the asset. Imagine an insurance company obtaining PHI under false pretenses, discovering that the patient had been mistreated, and suppressing the information. The legal exposure could be in the millions. Now consider a leak of patient names without any clinical data: the impact is low, simply because people's names are already public and, without the clinical data, there is little added value to the information. Note that a list of names from a covered entity is still PHI under HIPAA, and a name list tied to a specific clinic (an oncology or psychiatric unit, say) can itself disclose a diagnosis, so "low" does not mean "none".

Why people steal data

The key attack vector for a data loss event is people, often business partners working with inside employees. People handle electronic data and make mistakes or do not follow policies. People are increasingly conscious that information has value: all information has some value to someone, and that someone may be willing to pay or return a favor. This is an ethical issue which is best addressed by direct managers leading from the front and setting an example of ethical behavior.

People are tempted or actively encouraged to expose leaked or lost data; consider WikiLeaks, and data leakage for political reasons as we recently witnessed in Israel in the Anat Kamm affair.

People maintain information systems and make mistakes: leaving privileged accounts on a system, or leaving temporary files with ePHI on a publicly accessible Windows share.

APT (Advanced Persistent Threat) attacks

People design business processes and make mistakes. Creating a customer service process in which any customer service representative can see any customer record creates a vulnerability that can be exploited by malicious insiders, or by attackers using APT (Advanced Persistent Threat) techniques that target a particular individual in a particular business unit. The recent successful APT attack on RSA is the case in point: it targeted employees with a recruitment-themed Excel worksheet carrying malware, which let the attackers steal SecurID token seed data that was then used in an attack on Lockheed Martin.

According to Wikipedia, APT attacks utilize traditional attack vectors such as malware and social engineering, but also extend to advanced techniques such as satellite imaging. It is a low-and-slow attack, designed to go undetected. There is always a specific objective behind it, in contrast to the chaotic and disorganized attacks of script kiddies.


2 thoughts on “Why data leaks”

  1. Pharmaceutical, biotechnology, medical device and research organisations can all benefit from clinical trial software. Clinical trials data management software assists with all aspects of a trial – from enrollment to study submission to study archiving. Clinical trial software can be used for small Phase 1 trials or large studies with thousands of participants.

  2. Based on a national Harris/Westin survey in 2007 sponsored by an IOM project, this paper will describe public attitudes toward the current state of health information privacy and security protection; health provider handling of patient data; health research activities; and trust in health researchers. The public is segmented into persons who have participated in health research projects, those who have been invited but declined (and why), and those never invited. Members of the public are identified who believe their personal health information has been disclosed improperly and by whom. Explaining the benefits and risks involved in having one’s personally identified health records used in health research, the paper explores what kinds of advance patient/consumer notice and consent mechanisms are desired by various subsets of the public. Potential privacy harms are documented that patients see if their health records are used without notice and choice mechanisms, or disclosed improperly. The findings are applied to emerging large-scale health data systems, especially new online personal health record repositories and health data-mining programs. In terms of positive actions suggested by these survey results, updated federal health privacy rights in legislation supporting information technology/EHR programs are discussed, as are national educational campaigns on the values of health research under robust health privacy rules or procedures, and new software tools to put direct control over the uses of health records into the hands of individual patients, through an individually driven “switch” mechanism between health data providers and health-research data seekers.
