cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

How to Stop Attackers That Target Healthcare Imaging Data

Hi All

 

It appears that the health sector is badly in need of Attribute-based Encryption to protect the metadata.

 

The full details are shown below:

 

https://www.darkreading.com/dr-tech/how-to-stop-attackers-that-target-healthcare-imaging-data

 

There is a whitepaper from CSA which discusses how to protect it too:

 

https://cloudsecurityalliance.org/artifacts/medical-devices-in-a-zero-trust-architecture/

 

 

Regards

 

Caute_Cautim

1 Reply
JoePete
Advocate I

Attribute Based Encryption (ABE) sounds a bit like Digital Rights Management shifting from entertainment to healthcare. Certainly, there are a lot of possibilities, but to me the flaw with personal and health information (PII, PHI) is that the idea that it is "personal" is a fraud. My information can't belong to me if the encryption keys aren't mine, and the control of that information isn't mine to begin with. Otherwise, the "P" in HIPAA would stand for privacy, not portability.

 

The problem I see with ABE is that while the technology has all sorts of capability, at implementation time, will it be applied in this granular way? Will someone take the time to take the many attributes of a healthcare record and split it appropriately so that the radiologist can only see the image but not the patient data, billing, can only see patient data, but the medical records, etc. It sounds great, until the radiologist screws up the diagnosis because they have the wrong patient, or the patient gets billed for an MRI and not an X-ray.