Protection: The commonality between COVID-19 and Data
At over 176 million and rising infections, the COVID-19 crisis has wreaked havoc across the world.
Statista estimates a global GDP loss of 3.94 trillion USD during calendar 2020. Airline, leisure, restaurant, auto parts, and oil and gas were the hit the hardest. Fortunately, medical science has advanced to the extent that mass-vaccination efforts began just ten months from the onset of the crisis sending a wave of relief worldwide. That said, consumption post-COVID will be fundamentally different from the pre-COVID times. Modern technologies such as vaccination passports, interactive web maps, IOT devices, and virtual reality will play a crucial role in curating a safe experience.
A common factor binding all these technologies together is data. Data sharing across platforms and devices are used to build a personalized touchless experience for consumers. The most vital piece of information in the coming months is going to be vaccination status which will be used to filter out customers. About 39 countries have now eased restrictions only for vaccinated travelers, and more are expected to follow suit. However, healthcare information is considered overly sensitive since it has implications on insurance coverage, employment opportunities and contains identification and banking information. This challenge has raised data privacy concerns with the proposed use of vaccination passport apps which reveal an individual’s vaccination status. About 55.9% of American citizens surveyed by panda security fear data safety practices adopted by vaccine passports.
Healthcare data is the most sought after by bad external actors
April 2020 was the worst month for healthcare companies worldwide as hackers went on a frenzy targeting medical billing companies, COVID relief organizations, and pharmaceutical companies. Most of these attacks have been financially motivated using ransomware to target their victims. This does not come as a surprise since Securelink estimates that a single healthcare record is estimated to be worth USD 250, nearly 50 times higher than the next highest – credit card information valued at USD 5.4 per record.
75% of healthcare organizations have suffered cyber-attacks, and 59% of these breaches can be attributed to hackers getting access through third-party vendors, especially the ones operating on cloud. A network’s integrity is weakened by these vendors who may have access to a site’s data through a VPN. Another attack vector is e-mails directed towards the company’s employees using phishing attempts to gain information and unauthorized access to a network.
Data-sharing policies raise concerns about the usage of consumers’ private data
Hackers are not the only threat to data privacy.
Many businesses embrace the sharing of their collected data to improve market reach, optimize supply chain and open new collaboration opportunities. They do so by signing data sharing agreements that specify the purpose, scope, and responsibilities of each party involved. As people get vaccinated, their record is shared under this agreement with businesses to allow only vaccinated people to use their services. In the future, this might include transportation, leisure, entertainment, and all companies handling large or public venues. Upon entering their health data on the vaccination passport apps, customers are worried about the trustworthiness of these businesses and whether they could be trusted with sensitive information about their health, especially in a data-sharing regime.
Data privacy is a joint responsibility of the customers and healthcare providers
Understanding data privacy rights should be the first item on a customer’s agenda. This will help them be vigilant towards the data they enter on mobile applications. On the other hand, businesses should constantly monitor if third parties are honoring their data-sharing agreements.
To prevent hackers and other bad actors, companies should conduct thorough due diligence on their third-party vendors and use secured networks only. Then, techniques such as encryption should be used so that only authorized parties can read it. Companies dealing with overly sensitive data should use tokenization for optimum security. To compare which technique is the best for your organization, read our article on encryption vs. tokenization. Finally, on the compliance end, vaccination passports must adhere to data privacy laws of every nation they are available in to avoid unnecessary fines. These small measures from all parties will go a long way in keeping sensitive data safe.
Prevention is far less expensive than responding to a cyber-attack, so if you’re wondering when you should integrate cybersecurity measures in your company, the time is now.
For more information and inquiries about cybersecurity insights, contact us at info@owlgaze.com.
