When Premera Blue Cross announced this week that it had uncovered evidence of a data cyber attack that may have compromised the health records of 11 million people, the news delivered a gut punch to the health insurance industry as a whole.
Premera was just the latest health insurer subjected to a major data breach. As more information is stored online, more personal information is at risk to such threats. But even as the at-risk data base grows, efforts to provide better security are also evolving.
A white paper from Intel Security (McAfee) and the Atlantic Council takes a look at the risk-reward balancing act that’s playing out as the nation attempts to reap the benefits of a rich data network against the welfare of millions of individuals who count on that data to be kept private.
A practical point raised by the paper is whether, in the rush to develop new and better medical devices, the matter of data security has been relegated to a lower priority that it perhaps should be.
“The current focus in medical device development and production is on manufacturers’ preferences and patients’ needs. Industry and government should also focus on implementing an overarching set of security standards or best practices for networked devices to address underlying risks,” the paper says. ”Should any high-profile failures take place, societies could easily turn their backs on networked medical devices, delaying their deployment for years or decades.”
The authors argue that the current emphasis on regulating medical practices and devices to try to increase security is a wrong-headed approach.
“The report recommends continued improvements to private-private and public-private collaboration. More coordination, not more regulation, is warranted. Regulators do not always keep pace with technological progress. They should have feedback from a full set of stakeholders through transparent collaborative forums that assure the regulator’s independent functioning without creating concerns of collusion with industry. Likewise, industry officials should continue to improve communication among themselves.”
In addition, the authors say, the general public — whose data is most at risk — needs to have a way to have a strong voice in striking the balance between data sharing and data risk.
The industry must build security into devices from the outset, rather than as an afterthought. As McAfee’s then-CTO Stuart McClure testified before the US House Committee on Homeland Security in 2012, “Cybersecurity has to be baked into the equipment, systems and networks at the very start of the design process.”
The full white paper goes into great detail on the threats to networked health care data and offers in-depth recommendations for enhancing data security. It is available here.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Dan Cook
Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.
