CS Nov-Dec 2020

health monitoring
Kelvin Murray, Webroot: the healthcare
industry is at particular risk of cyber-attacks
and data breaches
Steve Jackson, Clinical DPO: there's an
appreciation of the risk to data posed by
many of the new working practices.
KEY QUESTIONS
"Anyone who develops an app that handles
sensitive customer data should ask themselves
two important questions - is it secure and is it
really necessary?" advises Kelvin Murray, senior
threat researcher at Webroot. "We're seeing
that breaches such as these are all too
common and anyone looking to save time
and money by moving to a digital system
should take risks such as these into
consideration.
"Companies that hold private information
should also ensure they have clearly defined
security policies and procedures to avoid the
leak of information. This starts with employee
education, which underscores all effective
cybersecurity and data protection strategies
and comprehensive best practice guides are
critical to protecting information, especially
when holding sensitive data on customers.
"This is especially important in the healthcare
industry, which is at particular risk of cyberattacks
and data breaches, as information
such as health records is very valuable to
criminals. It will always command high
prices on the dark web, as it can be used
for criminal activities such as fraud, extortion
and in the drug trade."
NO ACTION
And the outcome of the breach at Babylon
Health? It will face "no further action", the
ICO) has since confirmed.
"When a data incident occurs, we would
expect an organisation to consider whether it
is appropriate to contact the people affected,
and to consider whether there are steps
that can be taken to protect them from any
potential adverse effects,” a spokesperson
said. “Babylon Health reported an incident to
us. After looking at the details, we provided
Babylon with detailed advice and concluded
no further action was necessary."
The ICO had the power to fine Babylon
Health up to 4% of its worldwide annual
turnover, while the affected patients might
yet be entitled to claim compensation.
RACE TO TRACE
Concerns that digital tracing systems for
COVID-19 could become 'back doors' to
mass surveillance have already mounted,
with academics from 26 countries issuing
a warning that contact-tracing apps could
hamper trust. Confirming you have been
infected with coronavirus requires personal
data to be submitted, recorded, exchanged
and stored, with some apps, like the UK
government's NHSX, indicating that it may be
stored and used for future research purposes.
But with backing as part of the European
Open Science Cloud (EOSC) - a far-reaching
initiative that is changing the way in which
European research is conducted, with
researchers quickly developing instant
diagnoses for major diseases and tackling
climate change - a small research team has
been able to respond rapidly to the pandemic
and develop a contact-tracing app in the
space of a few months.
TIPPING THE BALANCE
This app - called Tracing Ireland's Population
(TIP) - gives users ownership of their data,
places them in full control of any track and
tracing (rather than an automated program
collecting and storing your information to be
used at a later date), and hosts all information
in encrypted form.
"Alexa will invade your privacy more than
our app does," claims co-creator Dr Paul
Byrnes. "Like many contact-tracing systems
hoping to end blanket lockdowns by
providing an accurate, targeted picture of
infections, our new facility looks set to enable
smaller, localised restrictions.
"The success of any contact-tracing app
depends on whether people will engage with
it and, if they don't trust it, they won't use it,"
comments Byrnes. "It's that simple. Once the
pandemic is over, all data will be erased."
10
computing security Nov/Dec 2020 @CSMagAndAwards www.computingsecurity.co.uk