We speak with experts and examine the increased importance of information security using encryption protection in the healthcare industry
As researchers and scientists are forced to deal with an ever-growing set of data, challenges have risen in regards to the security risks facing information security in the healthcare sector. Resulting from a necessity for more thorough security protocols, industry professionals have had to incorporate numerous conventions into their online presence to better address all potentially harmful queries.
Demonstrating the vast effect that cyber-security has had on the healthcare field, Gemalto’s Data Breach Index for the first half of 2015 has recognized the industry as having suffered the most data breaches with the most stolen records. In the first half of 2015 alone, healthcare documented 245,919,393 records breached, averaging at 16 data records lost or stolen per second.1
“Big data definitely amplifies the need for adequate cyber-security,” expressed Nick Murray, CEO of Moseda.com, and a pioneer in revolutionizing the inefficient processes in Canadian healthcare. “Among others, the biggest impacts are transmitting data security to/from the cloud or big data repository, de-identifying user/patient data, providing proper privileges and access rights to the sequencing data and HIPPA compliance followed by all stakeholders of the data.”
Due to the required storage of hosting these big data sets, an increased number of industry specialists have chosen to do so through the cloud rather than choosing to build their own in-house data storage environments. Although this usage often necessitates the integration of a third party platform, data suppliers retain the responsibility of insuring that their data is being adequately protected from all threatening external sources.
Brought together and analyzed to distinguish pattern productivity and value, big data offers its own set of complications to the process of converting ordinary information into indecipherable and secure text. When attempting to optimize data security, there are a number of ways to do so while simultaneously protecting sensitive information-one of which includes utilizing attribute-based encryption. In this type of public-key encryption, the secret key of user and the cipher text is dependent upon the features present (i.e. location, subscription type, etc.).
When working with high volumes of sensitive information, professionals must pursue a balance between both privacy and utility. Access-based encryption can assist in developing and upholding this balance through what is known as access control-security features that control the right of use to resources in the operating system. These features additionally work to support clients who wish to send sensitive information to the cloud for either computation or storage purposes, and who wish to do so using the underlying plain text to ensure the dependability of their data protection.
“Obviously data security is a big issue dealing with next generation sequencing. [Station X has] built our platform with a security focus so that our customers can feel confident that their data is secure,” explained Anish Kejariwal, Senior Director of Engineering at Station X, headquartered in San Francisco, Calif. “I think one of the things that has changed over time is that a lot of people are now able to implement security very well in the cloud, causing it to be even more secure than individual platforms and eliciting a shared responsibility model.”
Securing Patient Information
Included in these sets of big data are patient-focused information and results from lab testing, which can include genetic data generated through Next Generation Sequencing (NGS). Although the cloud offers a solution for storing and computing this data, security adaptations have previously left room for potentially threatening interpretation from outside hosts.
“Next Generation Sequencing (NGS) technologies are giving us access to an unprecedented volume of data about human biology at the level of the individual as well as patient populations,” explained Ramon Felciano, PhD, CTO and vice president of technology and global strategy and founder of Ingenuity Systems, Inc., a QIAGEN Company. “With [QIAGEN Clinical Insight], medical oncologists and clinical geneticists can annotate, interpret and report NGS variants in the context of over 10 million relevant biomedical findings while building their own, lab-specific internal experiential knowledge base.”
To ensure that such patient information is kept both HIPPA-compliant and fully secure, users of the cloud must work to keep data encrypted at all times-during transfer, in storage and during computation, according to The Journal of Biomolecular Techniques. This journal also recommends requiring that all user data, file transfers and platform services communicate through encrypted channels, and that computation environments are set with a separate Amazon Web Services Virtual Private Cloud container to provide a high level of isolation, security and monitoring.2
Making these provisions increasingly possible, access to files and pipelines can be set individually on either a project-to-project or user-by-user basis. Secure isolation mode also helps protect sensitive information being stored on the cloud by isolating the data environments from all access or activities aside from the computation of the data owner.
Big Data Working Group
According to research by the Cloud Security Alliance, the Big Data Working Group, a forum for individuals and organizations interested in the big data benchmarking topic is working towards identifying scalable techniques for data-centric security and privacy problems. Their investigation is expected to lead to the manifestation of best practices for security and privacy in the realm of big data.3
The work of this group is also geared toward helping the industry and government with the adoption of the best big data practices, while also establishing liaisons with other organizations in order to coordinate the development of big data security and privacy standards. It also hopes to accelerate the adoption of novel research aimed at addressing security and privacy issues, while putting together research proposals for joint funding by government and industry initiatives.
While traditional access control to data has been enforced by operating systems and virtual machines, the data still exists in plaintext. This enables a system to be hacked and for the security risks of the data to remain when put in transit. For this reason and many others, it is imperative that all healthcare professionals seek to establish the highest level of data security possible.