By Mathieu Gorge, CEO and founder, VigiTrust.
The COVID-19 pandemic has created a number of personal health data challenges for both healthcare organizations and private businesses alike. From vaccine passport requirements and businesses handling incredibly sensitive information on their employees, to healthcare workers accessing sensitive patient data while working from home, the health crisis has created unprecedented data security and compliance challenges for employers and healthcare providers.
COVID-19’s Impact on Data Security
When COVID-19 first hit, many healthcare organizations shifted to a partially remote workforce overnight. This meant that healthcare administrators were using personal devices and had access to systems and data that they previously could only access on their employers’ network. The focus was on productivity and business continuity, not cybersecurity.
However, over a year later, we are still using this makeshift IT environment and the increased cyber risks have not been addressed. By accessing patients’ private healthcare information from personal devices or home networks, administrators are doubling or tripling the risk of a breach.
Why Do Criminals Want Healthcare Data?
There are several regulations designed to protect personal data, but health data presents unique challenges. For example, if my credit card were stolen, I can be assured that PCI would cover any losses due to my banks’ contractual obligations with credit card companies. However, my health data – including DNA, disease history and medical conditions – are fully unique. No one can reimburse me with a new set of personal health information!
Criminals understand this, which has led to a rise in personal health data being stolen. Many hackers are now breaching health systems’ networks for personal information, and demanding ransom from individuals to keep that data private.
Furthermore, healthcare workers have been under increased pressure due to the pandemic, which has made hospitals and health systems a more appealing and “softer” target for hackers.