Page 161 - Cyber Defense eMagazine June 2024

Understanding the Breach

            At the heart of the Kaiser data breach was the improper use of web technologies that facilitated the
            unintended sharing of sensitive data. These technologies, which often include tracking cookies and other
            data collection tools, are commonly used on websites to enhance user experience and gather analytics.
            However, without proper oversight and cybersecurity measures, they can also pose a risk to user privacy
            by transmitting data to third parties.

            This incident reflects a broader misunderstanding of digital fundamentals among healthcare executives.
            In healthcare, there is an unfortunate and detrimental lack of priority given to cybersecurity. A breach like
            this happens for one reason only - because healthcare executives and their employees don’t understand
            basic digital concepts such as how web cookies work to collect site visitor data. Healthcare organizations
            need to take immediate action, because far too many organizations are vulnerable to attacks and
            breaches despite being in possession of extremely sensitive personal information.



            The Cost of Complacency

            The consequences of such breaches are not just numbers on a report; they represent millions of
            individuals whose personal information has been compromised. The implications range from identity theft
            to financial fraud, all of which can have devastating effects on the affected individuals. These security
            breaches erode public trust in healthcare institutions, which is something these institutions cannot afford,
            especially in a sector that deals with sensitive personal health information.

            The financial ramifications are also significant, with the industry facing potential losses in the billions due
            to fines, lawsuits, and remediation costs. Hospital executives and board members need to understand
            that digital technologies don’t simply put their current processes and data into a cloud-based environment
            and everything else remains ‘business as usual.’ This shift requires a data-centric focus in operational
            strategies and a robust understanding of the technologies employed.




            Education and Enforcement Moving Forward

            To mitigate the risk of future breaches and to safeguard patient data, it is imperative for healthcare
            organizations to invest in cybersecurity education and training. This initiative must start at the top, with
            executives leading by example. They need to become proficient in digital literacy, understanding the
            technologies their organizations employ and the potential risks associated with them.

            Further, there should be a mandate for comprehensive cybersecurity training for all employees, tailored
            to their roles and the specific technologies they use. This training should not be a one-time event but an
            ongoing process, reflecting the rapidly evolving nature of cyber threats and technologies.

            Regulatory bodies need to enforce stricter compliance measures and penalties for breaches, ensuring
            that healthcare organizations take the necessary precautions to protect patient data. The enforcement of







            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.