A recent data breach at virtual medical provider Confidant Health highlights the importance of comprehensively safeguarding sensitive data. The breach exposed 5.3 terabytes of data, including audio and video recordings of therapy sessions, detailed psychiatric intake notes and medical histories, far surpassing the usual risks associated with personally identifiable information (PII) breaches.
The cost of exposing sensitive data has risen significantly: IBM's Cost of a Data Breach report noted that the cost per record for intellectual property data jumped from $156 to $173.
Cyber attackers value sensitive data, including medical data, for its social engineering potential, its use in targeted blackmail and its resale value, making robust data protection a critical need, especially in healthcare settings.
Corporate espionage, targeted phishing, identity theft and blackmail are all potential attack vectors when the personal vulnerabilities of key employees are revealed in recorded therapy sessions.
Comprehensive data protection measures require authentication, encryption, network, endpoint, and data loss prevention security, third-party risk management, data governance, and physical security measures.
Robust access controls, built on role-based access control and multi-factor authentication, limit who can reach the data.
Encryption is necessary to safeguard sensitive data: end-to-end encryption for data transfers and device encryption protect the data itself, while next-generation firewalls and network segmentation help isolate the systems that hold it.
Data loss prevention solutions, including data masking and tokenization, are essential in preventing unauthorized data movement. Regular data backups and tested restoration procedures ensure data availability in the event of incidents.
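The role-based access and the masking and tokenization described in the preceding paragraphs, as an added example that is not part of the original article and describes no real provider's system. The record layout, role names, field names and values below are all constructed for the illustration; the tokenization key is generated at import time, where a real deployment would hold it in a KMS or HSM.

```python
"""Added example: role-based, field-level access to a therapy record,
with masking and tokenization of the fields a role may not see in the clear.
Record shape, roles and values are hypothetical, constructed for illustration."""
import hashlib
import hmac
import secrets

# Constructed sample record (fake values; the session URI is a placeholder).
RECORD = {
    "patient_id": "P-1001",
    "name": "Jane Example",
    "dob": "1984-03-09",
    "intake_notes": "Reports work-related anxiety; discussed manager conflict.",
    "session_audio": "s3://example-bucket/sessions/P-1001/2024-05-01.wav",
}

# Fields each role may see in the clear; everything else is masked or tokenized.
ROLE_PERMISSIONS = {
    "clinician": {"patient_id", "name", "dob", "intake_notes", "session_audio"},
    "billing": {"patient_id", "name", "dob"},
    "analyst": set(),  # analytics sees only a stable token for the patient
}

# Secret for deriving tokens. Assumption: in production this comes from a KMS/HSM.
TOKEN_KEY = secrets.token_bytes(32)


def tokenize(value: str, key: bytes = TOKEN_KEY) -> str:
    """Keyed, deterministic token: same input gives the same token, so records
    can still be joined for analytics, but the value is not recoverable without the key."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def mask(field: str, value: str) -> str:
    """Field-aware masking for values the caller is not permitted to see."""
    if field == "patient_id":
        return tokenize(value)          # replace the identifier with a token
    if field == "dob":
        return value[:4] + "-**-**"     # keep the year only
    if field == "name":
        return value[0] + "*" * (len(value) - 1)
    return "[REDACTED]"                 # free text, recordings: never partially shown


def view_record(record: dict, role: str) -> dict:
    """Return the record as the given role is permitted to see it.
    Unknown roles are rejected rather than defaulting to any access."""
    if role not in ROLE_PERMISSIONS:
        raise PermissionError(f"unknown role: {role}")
    allowed = ROLE_PERMISSIONS[role]
    return {f: (v if f in allowed else mask(f, v)) for f, v in record.items()}


if __name__ == "__main__":
    for role in ("clinician", "billing", "analyst"):
        print(role, view_record(RECORD, role))
```

The check is deny-by-default: a role not listed in the permission table gets an error, not a masked view, and the most sensitive fields (notes and recordings) are fully redacted rather than partially shown, since even fragments of a therapy note carry the blackmail risk the article describes.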
Organizations need third-party risk management, compliance with healthcare regulations such as HIPAA, and formal data classification protocols.
A formal incident response plan, a dedicated incident response team and automated threat detection and response capabilities help minimize the impact of security breaches. Physical security measures should not be overlooked: securing physical access to data centers, proper disposal of physical media and surveillance in sensitive areas.
Because safeguarding PII alone is no longer enough, organizations need to adopt a holistic approach that recognizes the unique vulnerability of sensitive personal information.