We live in exciting times. The ways in which we store and engage with health data have been transformed with the creation and adoption of digital health technology. Whether it’s using a Fitbit, accessing your vaccine records online, or virtually connecting with your doctor, understanding your health status in real time has never been easier… for some of us. We at DAI Global Health are working tirelessly to increase access to healthcare in low- and middle-income countries by leveraging digital health technologies. The goal is to empower patients and professionals providing care to them to use data to make smart decisions.
The Women 4 Health Programme trains health workers in Nigeria. Photo credit: DAI.
The ease with which new technology allows us to share, collect, and store data has resulted in massive pools of health data. This is fantastic—especially because it allows us to harness machine learning to more efficiently diagnose illness, reducing the healthcare workforce gap.
But how safe is this health data? And what does that even mean?
The global health sector is in the top five sectors most affected by data breaches. In Mexico, for example, the personal health data of more than 2 million people collected by a telemedicine company was accidentally made public online. That may seem innocuous, but data breaches can reveal sensitive health diagnoses, such as HIV, that can put those people at risk. This doesn’t even get into the fact that as users of these digital technologies, when we share our health data we no longer control who is given access to it—see the recent Grindr scandal. And the cost of these data breaches to economies can be exponential: There were 466 healthcare data breaches in the United States between November 1, 2017, and October 31, 2018, costing an average of $3.62 million. This might not seem like a lot for a high-income country, but imagine that level of cost for a country already strapped for cash. It could be devastating.
The drivers of most of these breaches are miscellaneous errors, privilege misuse, and use of insecure web applications. This points to the importance of focusing cybersecurity improvements on the individual level as much as on systems. As digital development actors, it is as important for us who design digital health tools to apply cybersecurity best practices as it is to train the healthcare workers using the tools.
The point is, we should standardize the inclusion of cybersecurity best practices in all digital health programming. For instance, all standard operating procedures should include a cyber hygiene component to ensure that the healthcare workers using these digital health technologies are not inadvertently introducing new risks into countries’ health ecosystems.
Key cyber hygiene skills to consider including are:
- Understand the importance of creating strong passwords and changing those passwords.
- Recognize the risks associated with accessing sensitive data on open Wi-Fi networks.
- Understand the tradeoffs between storing health data on a cloud service or on a server.
- Correctly identify and report suspicious activity on a digital network.
We recognize that just adding a cyber hygiene section into our program manuals will not change behavior, but it is a start. Ideally, at the clinic level you would have a cybersecurity champion who could ensure that regardless of healthcare worker turnover the systems and processes to protect data remain sound. But that is a whole other ballgame.
Look, this isn’t easy. All of us have been guilty of poor cyber hygiene, such as ignoring the prompts to update our passwords at work. But when it comes to health data, those of us who build systems to collect and analyze this information often forget that this data represents people. People with lives, hopes, and dreams who have made themselves vulnerable by allowing us to record their health status. It is therefore clearly our responsibility to ensure that these data are protected.
Curious to learn more about our cyber hygiene work? Check out this post on the recent cyber hygiene workshop we held in Ukraine.