7 votes

Breach 'inevitable' in digital health records

4 comments

  1. Emerald_Knight
    There's a pretty well-understood fact regarding tech security: It's never a matter of if you're going to be breached, but when and how bad. Breaches are inevitable in any system, so your system must be designed such that the impact of a breach is minimal and your monitoring allows for rapid response. If you plan to hold onto any personal data whatsoever, it's your responsibility to ensure that sufficient risk mitigation strategies are in place.

    Worse still is that more often than not, these breaches are a simple matter of poor security practices (e.g. keeping default passwords or leaving your devices unlocked and logged in) and social engineering (particularly phishing), rather than there being a vulnerability in your tech stack. After all, why go through the effort of smashing down the castle walls--especially if it turns out that there are several walls to smash through--if the gate is left wide open a lot of the time?

    5 votes
  2. patience_limited
    This is the stuff of literal nightmares in my day job, and you wouldn't believe how much doctors loathe the effort required for the most basic safety precautions. I'll note, however, that they've been just as bad about security of paper records.

    The added risk comes from the concentration of sensitive information in centralized systems. Layered security - every kind of defense-in-depth conceivable, and these days, some AI-powered malicious behaviour detection - is about the best we can do, and it still depends on user credentials.

    3 votes
  3. nil-admirari
    Here in the US it has already happened at hospitals, clinics and insurance companies. For example:

    https://en.wikipedia.org/wiki/Anthem_medical_data_breach

    Our records were included in that one.

    Prescription medications are the target of advertisers who hawk alternatives or supplements to them online, through pharmacy prints on receipts, etc. while guessing what's wrong with you. Have RA? Then xyzzy might be right for you, ask your doctor!

    It's over, individual privacy here in the US is toast, I can't see what at this point can change that even with increased security measures.

    3 votes
  4. nic
    "the government says there has been no security breaches so far."

    She'll be right, mate.