Patient information may well be the most valuable type of personal data: it contains information that is harder to change than a credit card and that can be used to make fake medical claims or purchase medications.
In a Cape Argus analysis, Andrew Brown, operations executive at Altron HealthTech, notes that ‘a patient’s health information is worth six to 10 times that of credit card information on the black market’.
‘Global identity leader ForgeRock’s 2021 Identity Breach Report revealed an increase in the number of health-care records breached in the first quarter of 2020 versus the first quarter of 2019, revealing an unprecedented 450% surge in breaches containing usernames and passwords globally,’ he states.
‘The report also found unauthorised access was the leading cause of breaches for the third consecutive year, increasing year-over-year for the past two years, accounting for 43% of all breaches in 2020,’ he adds.
‘Organisations, especially in the health-care and financial sector, are recognising the true value of encrypting data, not only at rest but also in motion,’ Brown writes.
‘It’s especially important to encrypt data in light of the fact that, on 1 July 2021, the Protection of Personal Information Act (Popia) came into effect. The impact this will have on the health-care sector is immense,’ he argues.
‘Under Popia, health information (such as diagnoses, pathology results, blood pressure readings, etc.) is not only considered personal information but is designated as “special personal information”,’ he states.
‘The two major challenges IT service providers in the health-care industry face are the high costs associated with protecting such sensitive information and the vast volumes of data that need to be stored and protected,’ notes Brown.
‘With volume comes complexity, and with complexity comes more opportunities for criminals to slip in through the cracks,’ he argues. ‘Healthcare providers will require the technology companies that store their data to have the best possible measures in place. This is where certifications like ISO27001 are crucial. Any service provider that stores special personal information needs to make sure that their house is in order or run afoul of Popia,’ he states.
‘Aside from the hefty fines that can be issued, the reputational damage a health-care provider or their IT service provider can suffer because of a data breach can be disastrous,’ concludes Brown.