It took one healthcare company over a year to notify 1.1 million users that their data had been hacked, and then the largest insurer in the US, Anthem, announced that over 80 million members’ data was hacked. By July 2015 over 270 health data breaches had been announced, and the value of health data sold on the dark web is rising. Most importantly, as a driver of future hacking attacks, health data is now perhaps one of the most expensive types of data to acquire on the dark web, with some Medicare data records containing IDs sold for over $US 4,000. According to the Infosec Institute, it is increasingly possible to find identity theft kits for individuals on the dark web [1].
The growing number of hacks is creating a challenge for healthcare and researchers at a time when they have an increasing number of tools to engage with citizens around health data and clinical research. In early 2015, when Apple launched ResearchKit, we saw citizens engage in quite dramatic fashion, with more research participants signing up for studies in the first 36 hours than would have been feasible for 50 medical centers to sign up in one year!
Ken Westin, security analyst at Tripwire, said, “In general, healthcare organizations are not prepared for the level of sophistication associated with the attacks that will be coming at them. It’s no surprise that several organizations have been targeted and compromised. Vulnerabilities that are endemic within an industry through common tools, frameworks, data storage/sharing methods or business processes.” Perhaps the cause is the wrong assumption that hackers are only interested in financial data and that perimeter firewalls would stop any kind of external attack. Such wrong assumptions by healthcare organizations result in an absence of application security and of data encryption. The Health Insurance Portability and Accountability Act (HIPAA) addresses a number of patient privacy issues but doesn’t require encryption of people’s data.
When it comes to the data patients generate themselves, it is a slightly different matter. Individual accounts may be less of a target to sophisticated hackers going after healthcare systems, but building trust and security for individual health data is becoming a major goal for those who want to encourage the sharing of health data for research purposes. This is where healthbank comes in with our secure storage. But the issue of trust is also related to who determines access and control over data. Increasingly, patients are aware of their right to download their data from EHRs, and most will want to store their data securely. However, the capacity to share data is important as well, and healthbank offers incentives to share data while maintaining a private, secure environment in which to do this. In this way we differ from the traditional PHRs that have failed in the past, because we are working to make health data useful, not just stored in a passive way.
Through our cooperative business model, which makes our users also owners of the company, our health data transaction platform offers a solution to incentivize citizens to do more with their health data. That will ultimately help further medical knowledge as well as democratize the benefits of health research in a new economy where data is becoming one of the most valuable assets. We’re more than a safe deposit box: we are a place that enables you to do things with data and expand the range of benefits from collecting data.