Rebecca Herold & Associates, LLC

Your trusted source for effective information security,
privacy and compliance tools, education and consulting.
The Privacy Professor

Data Privacy Day

Just as retailers and banks are closing security gaps to keep hackers from penetrating their systems, healthcare organizations, medical health device builders, and their vendors and contractors must build in better privacy controls to keep health information secure. This is one of several calls to action Rebecca Herold is making in advance of this year's Data Privacy Day.

Consumers are becoming increasingly aware of the threat facing their health information. In a recent survey conducted by The Privacy Professor®, more than a third of respondents said they are "not confident at all" that their healthcare provider is appropriately safeguarding their patient information. That's likely due to news coverage of things like email phishing attacks and medical data breaches. However, not many people are thinking about the 'legitimate' ways their information is being shared by well-intentioned professionals, healthcare vendors and connected gadgets.

The 'Internet of Medical Things' is not on the radar of most Americans. In an increasingly connected society, where everything from your fitness band to your smart car is monitoring your body's function and performance, the risks are coming from many different places. It can be hard to keep track of the risks.

To open more eyes to the threats posed by the Internet of Medical Things, Rebecca Herold has developed an infographic enumerating some of the ways in which health data is collected and shared, often through unencrypted or insecure means. The infographic takes a look at the following threats and more:

  • Wearables: 500 million users' health data at risk from unauthorized smartphones that can easily connect to unsecured fitness bands.
  • Smart Cars: Connected car technologies communicate "total impairment scores" to insurance companies.
  • WiFi Tracking: Frequencies allow humans to be seen behind walls and provide means for the detection of respiration and heart rates.
  • X-Rays/Imaging: Connected medical equipment transmits patient data across the web, often without encryption.
  • BYOD: Healthcare staff connect their unsecured personal devices to hospital networks, exposing patient data via vulnerable WiFi connections.
  • Drug Pumps: Drug libraries open to hackers who can remotely set fatal doses.

The Privacy Professor® encourages all consumers to ask the healthcare entities and fitness tracker businesses with which they do business how their data is secured. Just as important is reading and understanding the privacy policies that come with 'smart' gadgets and other connected technology.

All patients and consumers have the right to demand that the collection, storage and sharing of their health and other personal information be as secure as possible.

Download Infographic (PDF) Download Infographic (JPG)

Visit the occasion's official website.

From ISACA:

Interview: You are a node in the net, whether you know it or not

I worked with the Iowa state government to endorse and recognize Data Privacy Day 2018. This is the ninth consecutive year for the state's support of privacy!

Here is an image of this year's proclamation from Iowa Governor Kim Reynolds' office:

2018 Data Privacy Day proclamation