On Sunday, January 28, we officially observe Data Privacy Day. But the fact is: data privacy is dead. Countless data breaches and hack attacks over the past decade have proven your info just isn't safe.
Can better technology solve the problem? Will stricter regulations like Europe's GDPR make a difference? Can "best practices" ever be good enough? Perhaps.
But developing and implementing those solutions takes time. In the meantime, huge vulnerabilities remain and our data -- yours, mine, and everyone's -- is at risk.
Healthcare Industry Struggles To Protect Our Data
Consider, for example, news announced today in the Protenus Breach Barometer: Approximately 5.6 million patient records were breached in 2017 alone.
Protenus has a solid grasp on the severity of the problem. It makes an artificial intelligence platform used by medical centers to analyze every single action inside a medical record system. Its Breach Barometer is considered to be the definitive source for health data breach reporting.
The company says that, on average, the healthcare industry experienced more than one health data breach per day in both 2016 and 2017. There was a slight increase in the number of breaches reported, from 450 in 2016 to 477 in 2017. For both years, though, the numbers are frightening.
In 2016, Protenus reports that 27,314,647 patient records were affected by data breaches -- that's over five times greater than the number of records affected in 2017, thanks to several large hacking incidents in mid-2016.
While some numbers are going up, others are going down. Yet it almost doesn't matter, since the problem is still so severe.
A 'Terrifying Challenge'
One important note is that breach vulnerability isn't all about hackers infiltrating data centers from the outside. Protenus says the single largest health-records breach reported in 2017 was the result of insider wrongdoing, when a Kentucky hospital employee inappropriately accessed the billing information of 697,800 patients over multiple incidents.
"Looking across all incidents in 2017," Protenus says, "insiders were responsible for 37% of the total number of breaches this year. In one particularly egregious incident of insider-wrongdoing, a hospital employee was snooping on patient information for 14 years before the breach was discovered."
That breach affected 1,100 patient records and it shows how detrimental insider threats can be for a healthcare organization. "While hacking incidents are often quickly discovered because of the immediate disruption they have on an organization's day-to-day operations, insider threats can remain undiscovered for long periods of time," Protenus warns. "On average, it took 308 days for an organization to discover it had suffered a breach in 2017."
That's almost a year -- nearly 10 months of patient data being exposed before the typical breach is discovered. Discovery of breaches remains a "terrifying challenge" for health providers everywhere.
Long Road Ahead
The Protenus report concludes that business associates and third-party providers also remain a major source of healthcare data breaches. "53 of the reported incidents, totaling 647,198 records breached, were the result of business associate or other third party access to health data."
The bottom line: We still have a long, long way to go before data privacy is real and reliable. For now, it's dead... not happening... so don't assume your data will be safe.
Of course, we can't really forget about it. Instead, we should use Data Privacy Day as a day to check our own security systems, check our own privacy settings, and remember that it's just a start.
The risks are real and data protection needs to be a top priority not only for healthcare providers, but for all enterprises and government entities, as well.