CS Nov-Dec 2020
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
health monitoring<br />
Kelvin Murray, Webroot: the healthcare<br />
industry is at particular risk of cyber-attacks<br />
and data breaches<br />
Steve Jackson, Clinical DPO: there's an<br />
appreciation of the risk to data posed by<br />
many of the new working practices.<br />
KEY QUESTIONS<br />
"Anyone who develops an app that handles<br />
sensitive customer data should ask themselves<br />
two important questions - is it secure and is it<br />
really necessary?" advises Kelvin Murray, senior<br />
threat researcher at Webroot. "We're seeing<br />
that breaches such as these are all too<br />
common and anyone looking to save time<br />
and money by moving to a digital system<br />
should take risks such as these into<br />
consideration.<br />
"Companies that hold private information<br />
should also ensure they have clearly defined<br />
security policies and procedures to avoid the<br />
leak of information. This starts with employee<br />
education, which underscores all effective<br />
cybersecurity and data protection strategies<br />
and comprehensive best practice guides are<br />
critical to protecting information, especially<br />
when holding sensitive data on customers.<br />
"This is especially important in the healthcare<br />
industry, which is at particular risk of cyberattacks<br />
and data breaches, as information<br />
such as health records is very valuable to<br />
criminals. It will always command high<br />
prices on the dark web, as it can be used<br />
for criminal activities such as fraud, extortion<br />
and in the drug trade."<br />
NO ACTION<br />
And the outcome of the breach at Babylon<br />
Health? It will face "no further action", the<br />
ICO) has since confirmed.<br />
"When a data incident occurs, we would<br />
expect an organisation to consider whether it<br />
is appropriate to contact the people affected,<br />
and to consider whether there are steps<br />
that can be taken to protect them from any<br />
potential adverse effects,” a spokesperson<br />
said. “Babylon Health reported an incident to<br />
us. After looking at the details, we provided<br />
Babylon with detailed advice and concluded<br />
no further action was necessary."<br />
The ICO had the power to fine Babylon<br />
Health up to 4% of its worldwide annual<br />
turnover, while the affected patients might<br />
yet be entitled to claim compensation.<br />
RACE TO TRACE<br />
Concerns that digital tracing systems for<br />
COVID-19 could become 'back doors' to<br />
mass surveillance have already mounted,<br />
with academics from 26 countries issuing<br />
a warning that contact-tracing apps could<br />
hamper trust. Confirming you have been<br />
infected with coronavirus requires personal<br />
data to be submitted, recorded, exchanged<br />
and stored, with some apps, like the UK<br />
government's NHSX, indicating that it may be<br />
stored and used for future research purposes.<br />
But with backing as part of the European<br />
Open Science Cloud (EOSC) - a far-reaching<br />
initiative that is changing the way in which<br />
European research is conducted, with<br />
researchers quickly developing instant<br />
diagnoses for major diseases and tackling<br />
climate change - a small research team has<br />
been able to respond rapidly to the pandemic<br />
and develop a contact-tracing app in the<br />
space of a few months.<br />
TIPPING THE BALANCE<br />
This app - called Tracing Ireland's Population<br />
(TIP) - gives users ownership of their data,<br />
places them in full control of any track and<br />
tracing (rather than an automated program<br />
collecting and storing your information to be<br />
used at a later date), and hosts all information<br />
in encrypted form.<br />
"Alexa will invade your privacy more than<br />
our app does," claims co-creator Dr Paul<br />
Byrnes. "Like many contact-tracing systems<br />
hoping to end blanket lockdowns by<br />
providing an accurate, targeted picture of<br />
infections, our new facility looks set to enable<br />
smaller, localised restrictions.<br />
"The success of any contact-tracing app<br />
depends on whether people will engage with<br />
it and, if they don't trust it, they won't use it,"<br />
comments Byrnes. "It's that simple. Once the<br />
pandemic is over, all data will be erased."<br />
10<br />
computing security <strong>Nov</strong>/<strong>Dec</strong> <strong>2020</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk