It has been reported that the private data of thousands of NHS patients across Dorset was breached during a five-year-period – among the highest in the country. A new study has shown Dorset Healthcare University NHS Foundation Trust (DHC) experienced the fourth highest number of data breaches in the UK, however the trust says this does not tell the whole story. Security website VPNoverview.com sent out Freedom of Information requests to 229 NHS foundations across the UK regarding data breaches. Of those, 152 responded.
Modern healthcare now and moving forward will only be as effective for the individual patient as the level of data-sharing between various healthcare providers. However, as this research as shown, the need for sharing this type of information among healthcare providers also comes the risk of data exposure, either by accident (human error and mishandling of data) or by intention (leaks and hacks). Yet, we can take some solace in the fact that more and more healthcare providers are indeed realising that keeping patients’ data private is an ethical obligation and means more than just implementing basic data security controls.
The more these types of data breaches occur, the more the general public understands that protecting borders and perimeters around sensitive data isn’t enough—effective data security needs to be applied directly to sensitive information in the form of data-centric security. This includes methods such as tokenization or format-preserving encryption. By tokenizing patient information as soon as it enters the data ecosystem, these organizations can continue to work with sensitive data in its protected state due to data format preservation. Better yet, if (or when) threat actors gain access to tokenized data, they cannot comprehend it or leverage it for personal gain or other nefarious purposes. We will see and read a lot about data breaches throughout this year, but the good news is that organisations wanting to protect patients’ sensitive PHI and PII have access to the right solution. It’s just a matter of deciding to take the appropriate medicine before any catastrophic exposure to risk occurs.