The Dutch data protection authority AP states that in the first year of the Data Breach Notifications Regulation, most breaches were reported by healthcare institutions. The AP received notifications of 5500 breaches, of which 29 percent were reported by hospitals and other healthcare institutions. It comes as no surprise to Kevin Jonkers, Manager Forensics and Incident Response at Fox-IT, that this sector experiences the most breaches: “The healthcare sector is not very mature when it comes to IT.”
Medical records are often saved on unencrypted laptops that staff take home. Records are also stored on unsecured servers. Jonkers: “Robots are commonly used in the operation rooms, but these computers are connected to the hospital's general network and are not secured properly. If those networks are breached, dangerous situations occur.”
Together with security expert Sijmen Ruwhof, Jonkers has 5 tips regarding data breaches:
- Minimize the number of people that have access to data. Information that is not there cannot be stolen.
- When an organization reports a data breach, civilians should also be told what they can do. If you do not get an update, ask for it.
- Has your password been stolen? Think of every place where you might have used that same password and change it everywhere.
- Has personal information you cannot edit been leaked? Then be on the lookout for fraud: keep an eye out for strange transactions on your credit card, or subscriptions you did not sign up for.
- Pay extra attention to emails that appear to come from the organization that reported the breach: these can be sent by the hackers. Do not just click on any links or attachments.