Hi All
It appears that the health sector is badly in need of Attribute-based Encryption to protect the metadata.
The full details are shown below:
https://www.darkreading.com/dr-tech/how-to-stop-attackers-that-target-healthcare-imaging-data
There is a whitepaper from CSA which discusses how to protect it too:
https://cloudsecurityalliance.org/artifacts/medical-devices-in-a-zero-trust-architecture/
Regards
Caute_Cautim
Attribute Based Encryption (ABE) sounds a bit like Digital Rights Management shifting from entertainment to healthcare. Certainly, there are a lot of possibilities, but to me the flaw with personal and health information (PII, PHI) is that the idea that it is "personal" is a fraud. My information can't belong to me if the encryption keys aren't mine, and the control of that information isn't mine to begin with. Otherwise, the "P" in HIPAA would stand for privacy, not portability.
The problem I see with ABE is that while the technology has all sorts of capability, at implementation time, will it be applied in this granular way? Will someone take the time to take the many attributes of a healthcare record and split it appropriately so that the radiologist can only see the image but not the patient data, billing can only see patient data, but the medical records, etc.? It sounds great, until the radiologist screws up the diagnosis because they have the wrong patient, or the patient gets billed for an MRI and not an X-ray.