Data Breaches – A Healthcare Crisis

Healthcare IT involves protecting many types of data for many kinds of patients.  A recent breach at Cerebral, an online therapy and medication management platform, exposed the data of 3.1 million patients seeking mental health care.  The verdict was that Cerebral had “disclosed certain information that may be regulated as protected health information (‘PHI’) under HIPAA to certain Third-Party Platforms and some Subcontractors without having obtained HIPAA-required assurances.”

Cerebral had been using invisible pixel trackers on its online services since 2019, and the trackers’ data-logging features exposed patient information to third parties.  It does not take much discussion to see the risks inherent in tracking technology, which many American hospitals currently use in their patient portals and which benefits the advertisers that receive the data, but this case provides a clear example on the data security front.  Because these trackers came from Google, Meta and TikTok, those were the giant third parties with which the PHI was illegitimately shared.  The data included names, addresses, client IDs, IP addresses, and myriad other health information.
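The exposure path described above is a web page loading images and scripts from hosts outside the organisation. As an added illustration that is not part of the original post, the following Python script (standard library only) scans a portal page for third-party img, script and iframe loads, flags hidden 1x1 pixels and notes when the tracker URL carries a query string, and builds a Content-Security-Policy value that would stop the browser from fetching such resources. All host names and the sample page are constructed placeholders, not real organisations or ad networks.

```python
"""Flag third-party tracking pixels and scripts embedded in a patient-portal page.

Added illustration, not code from the original post. Host names below are
constructed placeholders (*.test), not real organisations or ad networks.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the portal is allowed to load from. Relative URLs (no host) are
# treated as first-party as well.
FIRST_PARTY_HOSTS = {"portal.example-clinic.test", "static.example-clinic.test"}

# Constructed sample page: one legitimate script, one third-party script and
# one hidden 1x1 pixel whose query string could carry page or user details.
SAMPLE_PORTAL_HTML = """
<html><body>
<script src="https://static.example-clinic.test/portal.js"></script>
<script src="https://tag.example-adnetwork.test/pixel.js"></script>
<img src="https://tracker.example-adnetwork.test/collect?ev=pageview&uid=123"
     width="1" height="1" style="display:none">
<img src="/images/logo.png" alt="Clinic logo">
</body></html>
"""


class TrackerFinder(HTMLParser):
    """Collect every img/script/iframe whose src host is not first-party."""

    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("img", "script", "iframe"):
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return
        url = urlparse(src)
        if url.hostname is None or url.hostname in self.first_party:
            return  # relative or first-party load, nothing to report
        is_pixel = tag == "img" and a.get("width") == "1" and a.get("height") == "1"
        self.findings.append({
            "tag": tag,
            "host": url.hostname,
            "reason": "1x1 tracking pixel" if is_pixel else "third-party " + tag,
            # a query string on a tracker request is where identifiers leak
            "carries_query": bool(url.query),
        })


def find_trackers(html, first_party=FIRST_PARTY_HOSTS):
    """Return a list of findings for third-party resource loads in `html`."""
    finder = TrackerFinder(first_party)
    finder.feed(html)
    finder.close()
    return finder.findings


def suggest_csp(first_party):
    """Build a Content-Security-Policy value that confines loads to first-party hosts.

    Deploying such a header is one mitigation: the browser then refuses to fetch
    pixels or scripts from any host not listed, even if markup for them slips in.
    """
    hosts = " ".join(sorted(first_party))
    return (f"default-src 'self'; img-src 'self' {hosts}; "
            f"script-src 'self' {hosts}; frame-src 'self' {hosts}; "
            f"connect-src 'self' {hosts}")


if __name__ == "__main__":
    for f in find_trackers(SAMPLE_PORTAL_HTML):
        print(f"{f['reason']:<20} {f['host']}  query={f['carries_query']}")
    print("Suggested CSP:", suggest_csp(FIRST_PARTY_HOSTS))
```

Run against the constructed page, the scanner reports the third-party script and the hidden pixel (with its query string) and ignores the first-party script and the relative logo URL. The scan is a point-in-time check of markup; the CSP header is the control that holds at runtime, and its report-only mode can be used first to inventory what a portal actually loads before enforcing it.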

And so Cerebral finds itself facing a potential HIPAA violation.  BetterHelp, an online counseling service, found itself in similar hot water when it shared sensitive PHI with Facebook, Snapchat and others.  Only a few days before the Cerebral news, BetterHelp reached a $7.9 million settlement with the FTC for this mistake.

Data security regulations are no joke, with stringent requirements and penalties for any organization that takes them lightly.  Questionable sharing of customers’ personal data is one aspect, but it is just as crucial to protect the data from bad actors who try to pilfer it for personal financial gain.

Failing to encrypt one’s valuable data can have disastrous consequences for the offending entity, including significant financial damages and loss of consumer trust.  HIPAA fines alone for a data breach can run a company anywhere from $1,000 – $50,000 to $1.5 million per year maximum, depending on the tier.  Data encryption remains the best method for securing a firm and its customers against breaches, whether internal or external, malicious or the result of human error.

NetLib Security’s patented, high performance data security platform, Encryptionizer, simplifies security for your stored data right out of the box. It transparently encrypts your stored data on systems, devices and distributed applications with virtually no impact on performance, and no additional programming required.  We have been working with healthcare organizations and medical device manufacturers (EMDs) for over 20 years to protect patients’ personal health information (PHI) and electronic health records (EHR) that are mission critical to maintaining long-term business stability and a positive reputation. Encryptionizer also helps you meet your HIPAA and HITECH compliance standards.


By: Jonathan Weicher, posted on March 20, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security