2020 will forever be remembered as the year of the coronavirus crisis. While everyone from epidemiologists to historians will have plenty to analyze, Aparavi has its eye focused on how the pandemic is creating ripple effects in the world of data. In our scramble to adapt and overcome, new data privacy risks have emerged as a direct consequence of this historic event. The first quarter of 2020 saw a 273% increase in large-scale data breaches over last year, and companies of all sizes and industries are facing serious data privacy concerns.
So, what data privacy risks do you need to watch out for, and what can you do to prevent COVID-19 from infecting your data in unforeseen ways? Let’s find out.
The biggest change has been the shift toward remote working and handling every task online. Never before have so many people worked from home. While this allows business to continue at approximately the same pace as it did before, it’s not without potential risks.
Working from home is not inherently dangerous. However, because it removes employees from the more carefully constructed data-secure environments of the workplace, workers are exposed, and data centers are left unattended. The use of videoconferencing applications and the need to move files offsite present unique challenges for data privacy.
Working from home leads to files leaving the office. Instead of staying on company computers or on an office server, files end up strewn about on home PCs and users’ various devices. Suppose your employee loses their tablet or throws away an old laptop with valuable data on it without securely wiping it. Now your data is exposed. In addition, you may have new security concerns as your employees are using home Wi-Fi (or worse in some cases, public Wi-Fi) and VPN connections.
Besides exposing files, you also run the risk of creating duplicates, as employees may mismanage files across their devices. As an organization, you need to establish clear protocols on what is and isn’t permitted when it comes to working at home if you want to mitigate these risks.
Whichever platform you use to hold meetings online, the potential for problems is the same. Chief among these is the fact that online meetings can be recorded by participants without your knowledge. Even if you disable this feature for participants, screen recording software can still be used unbeknownst to you.
Therefore, it’s very important to be mindful of what documents are being viewed and shared. This is especially true when meeting with clients or third parties.
Furthermore, if you’ve enabled the option to save recordings of meetings in the cloud, you’re putting your data privacy at the mercy of the service provider. If they get hacked, private data could be compromised.
Another major concern during COVID times is the use of contact tracing applications. While these have been used to great success in several nations to track the transmission of the virus in real time, they pose significant privacy problems.
The risk varies from application to application. The most secure simply track other devices’ Bluetooth identifiers and do not store personal information. However, several governments introduced apps that also allowed individuals to report themselves as having symptoms, which meant personal data was being uploaded.
Despite recognizing the need for contact tracing applications, regulatory bodies also emphasized the importance of data privacy. The United Kingdom’s tracing application, for one, was called into question by GDPR officials. The urgency of the matter was not an excuse, and the UK government admitted to not evaluating the impact on privacy that their application would have.
In addition, data storage is also a concern. Governments want to keep this data on hand for the long term to analyze it. However, European data protection laws that apply to businesses worldwide have recommended against this to protect consumers’ privacy.
As if the healthcare system and its providers didn’t have enough to deal with already, the coronavirus has seriously impacted that industry’s data security issues. The rush of patients that flooded medical facilities in the first wave of infections meant that not all data protocols were followed to the letter. This has had impacts both in the U.S. and abroad.
HIPAA (Health Insurance Portability and Accountability Act), the U.S. regulation concerned with medical records and data privacy, has normally been enforced strictly to prevent patients’ data from falling into the wrong hands. One such rule involved the ability of providers to contact patients to solicit their participation in other treatments or studies. However, once it was discovered that coronavirus survivors could donate blood and plasma with antibodies to help others recover, the Department of Health and Human Services relaxed its restrictions.
Likewise, the use of videoconferencing applications was previously restricted due to privacy concerns. The rules have since been amended temporarily to allow for private virtual communication between provider and patient. But just because HHS has relaxed some rules does not mean that anything goes.
Healthcare providers must still take every measure to protect patients’ data, which has become difficult due to an increase in cyber-attacks on medical facilities.
Hospitals cannot afford to have system failures for even a second given the pressure they are under. Opportunistic hackers have used this to their advantage. Attackers have launched ransomware attacks on hospitals in the U.S. and other countries, knowing that the hospitals would rather pay up than have people die.
Even just one attack can have a devastating impact on the healthcare industry. According to an IBM report, the average cost of a data breach in the healthcare industry is $7.13 million, making it the costliest industry for breaches. May 2020’s ransomware attack on Blackbaud, a cloud services provider that works with healthcare groups, has resulted in many of its clients’ data being breached. So far, the breaches have impacted nearly 1 million patients.
Government agencies have also found themselves under attack as some hackers search for medical records on sensitive targets. There have also been reports of attempted breaches on research facilities that are trying to develop a vaccine. Whether corporate espionage or government spying is to blame is uncertain, but if you are a medical provider, you need to strengthen your defenses.
The Aparavi Platform takes data from every source and maps it to one single point of entry (without any data movement), making it easier to keep an eye on your company’s high-risk data types and control access. The Platform simplifies compliance with 140+ smart classification policies, designed and maintained by industry experts, that automatically detect data matching regional, legislative, industry, privacy and other regulatory requirements, like GDPR, CCPA, HIPAA, and more.
In the event of a breach or cybersecurity incident, our platform also enables the user to immediately scan the impacted storage location to determine what types of files and whose data were exposed so you can contact only those individuals relevant to the breach, rather than your entire customer base. Our platform is automatically updated with all data regulation laws that are changed or introduced, both in the U.S. and abroad.
If you’d like to know more about how Aparavi can protect your data during these troubling times, contact Aparavi today to schedule a consultation with our experts.