Reported healthcare data breaches have reached staggering levels, with a whopping 84% surge over the last three years. Critical Insight’s 2021 study using HHS info found that 14 million people were impacted by these incidents in 2018; this figure skyrocketed to 44.9 million individuals just three years later – an alarming statistic of growing concern given the sensitive nature of the data.
In the first half of 2022 alone, there were a reported 337 attacks resulting in 19 million records being exposed according to Fortified Health Security’s mid-year report. To add to these concerning figures, IBM’s “Cost of Data Breach” report reveals that such incidents are more expensive than ever before — costing an average estimated USD$10.1 million per incident, which is a 9.4 percent rise compared to the 2021 report!
However, the true cost of a breach in healthcare data goes far beyond this. Stolen credentials can have devastating consequences, putting individuals at risk. The data of victims, particularly those in vulnerable groups, can be used to discriminate against them or to exploit them.
In addition, identity thieves may misuse a victim’s data to access medical care and treatments (or even commit fraud!), creating potential confusion between the thief’s medical history and the victim’s in electronic health records. This not only erodes a patient’s trust but also adversely affects patient care outcomes, damages an organisation’s reputation, and results in steep regulatory penalties or costly litigation.
The healthcare industry is currently overly vulnerable to such cyberattacks because of the proliferation of, and growing reliance on, mobile health apps and medical IoT to support the rising demand for healthcare services. Unfortunately, many developers may not take the appropriate steps to ensure data security at all levels, including the device, the network, and the data center.
Intertrust’s 2020 Security Report found that nearly 3 of 4 mobile health apps contain at least one critical vulnerability that can be readily exploited, with the potential for significant damage or loss. In addition, it was found that 91% of these apps also failed cryptographic tests.
When looking specifically at COVID-19 tracking apps, Intertrust found that 85% of these apps leak data. Cross-platform apps can be particularly susceptible to security threats since hackers may exploit unprotected vulnerabilities and loopholes in protective measures. Open-source software integration further compounds these challenges, leaving countless healthcare systems exposed to potential harm.
Data protection platforms like Jonda Health comprehend the gravity of such data security breaches and recognise the need to protect all parties, especially patients, from these threats.
This is why we do not use open-source software integration and employ multiple layers of encryption. The database, data tables and individual data are encrypted with separate methodologies and keys.
For the data level encryption, we use zero-knowledge encryption exclusively – an encryption process where user data is always secured, with only the user having the key needed to access and decrypt it.
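The zero-knowledge model described above, as an added example that is not Jonda Health's code: each record is encrypted on the client with a key derived from the user's passphrase, and the server stores only the resulting envelope. The use of scrypt and AES-256-GCM, the function names, the in-memory store and the sample record are all assumptions made for illustration.

```javascript
// Added illustration; not Jonda Health's code. Algorithms and names are assumptions.
const nodeCrypto = require('node:crypto');

// Client side: derive a 256-bit key from the user's passphrase. The key never leaves the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Client side: encrypt one record with AES-256-GCM. Only the returned envelope is uploaded.
function sealRecord(passphrase, record) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(record), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client side: decrypt an envelope fetched from the server.
// Throws if the passphrase is wrong or the envelope was modified.
function openRecord(passphrase, env) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(passphrase, raw(env.salt));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(env.iv));
  decipher.setAuthTag(raw(env.tag));
  const pt = Buffer.concat([decipher.update(raw(env.ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Hypothetical server store: holds envelopes only, never a passphrase or key.
const serverStore = new Map();

// Round trip over a constructed sample record.
function demo() {
  const record = { patient: 'sample-001', result: 'HbA1c 5.4%' };
  serverStore.set('rec1', sealRecord('correct horse battery staple', record));
  const stored = serverStore.get('rec1');
  const serverSeesPlaintext = JSON.stringify(stored).includes('HbA1c');
  const roundTrip = openRecord('correct horse battery staple', stored);
  let wrongKeyRejected = false;
  try { openRecord('guessed passphrase', stored); } catch (e) { wrongKeyRejected = true; }
  return { serverSeesPlaintext, roundTrip, wrongKeyRejected };
}
```

A breach of the server store in this model yields only salts, nonces, tags and ciphertext, so the strength of the user's passphrase and of the key derivation settings becomes the remaining line of defence.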
Healthcare’s digital revolution is transforming the way we collect, use, and integrate data to inform care models, drive research innovation and create powerful new insights with AI and machine learning. Safeguarding this sensitive information must therefore remain a top priority.
This article is written by Dr Suhina Singh, Co-Founder of Jonda Health