A healthcare organizations Data Management Strategies is incomplete if it does not provide protection against data breaches and data theft. And it goes beyond providing protection, but data management strategies must also contain plans on how to deal with data breaches, how to rebuild after a data breach, and it must also include regular checks and reinforcement of the data warehouses, firewalls, and systems used to access data.
Data Management Strategies: What is a Data Breach
A data breach could consist of different things and it could range from minor and inconsequential to very serious with lasting damages. Basically, a data breach can be defined as a confirmed incident of data loss in which sensitive, confidential or otherwise protected data has been accessed, copied, stolen, or tampered by an unauthorized person or persons. In a healthcare organization, this kind of data would include but not limited to the personal health information of patients, credit card information, social security numbers, health profiles etc. In manufacturing, for example, it could mean trade secrets or intellectual property of an organization. A data breach does not only mean the loss of data, but it could also be tampering of data which compromises its validity.
A data breach could come from anywhere. It could be carried out by cybercriminals, identity thieves, or lone individuals with ulterior motives. A data breach can be carried out remotely or by accessing a computer and then gaining access to the entire network. Data management strategies must take both methods into consideration when coming up with ways to avoid data breaches.
A typical data breach is carried out through a set of plans. Lost of movies have scenes where a data breach has to be carried out in order to steal or access information. Some movies entirely revolve around carrying outa data breach. So it’s easy to know – at least a little bit – the basic steps of carrying out data breaches
- Research: The data thieves or breachers have to first research the company that owns the data they are trying to breach. They look for weaknesses in the security system and identify the weakest link for point of access. A weak link could be a weak password, a person, or a network.
- Attack: The initial attack could be a direct attack on the network or an indirect attack through the weak link. Like extracting a password from an employee (without them realizing it hopefully) or access the network by sneaking into the company and plugging in through someone’s system. Etc Once the attack starts it is up to the data management strategies concerning attacks that have been put in place to try and stop it before it gets to the next stage which is exfiltration
- Exfiltration: this is the final stage of a data breach and it involves accessing the data for theft, tampering or copying. Once this is done, then the cyber attack can be considered useful. The company can try to catch the people and take the data back or undo what has been done, but in most cases, there’s no going back with this.
Example of Data Breaches
In 2018, Google announced that it is shutting down one of its services: Google Plus. The main reason for this was that Google discovered a vulnerability in the API for google plus. This API made it possible for other app developers (third-party app developers) to access the data of anyone who was connected to a person using Google plus. When Google found out about this breach they decided to shut down the app completely. Google plus had been struggling since it was introduced. It was one of Google’s attempts to be a social media platform that failed as it could not compete with other social media powerhouses like Facebook, InkedIn, Instagram, and Twitter.
Google Plus was also hard to understand and navigate and was usually an after-thought to people who used it. It also failed to capture the attention of the younger market (which used social media the most). Hence, I think shutting down Google Plus due to the data breach was an easier decision to make, than if the app was actually doing well. This problem was said to have existed since 2015. And when it comes to Consumer data it is always dire and there should be consequences and massive repercussions.
But I doubt a big company like Alphabet/Google would be affected much by any consequences such as fines or legal repercussions. A data breach as such is more hurtful to the individuals whose personal information can be stolen or used for malicious purposes. However, there are new data protection laws like the GDPR being put in place to help deal with these kinds of problems and force companies to be more protective of consumer data an information.
Data is the future and is even more important now than ever. This is because, with increased technology, more and more people are seeing the power and potential of data. This also means that data breaches and hacks become an increased threat than in the past.