![]() The recent class action lawsuits with Taxotere and Herceptin revealed some very troubling actions on the part of the drug manufacturers responsible for these drugs as well as the medical professionals who failed to inform patients of the side effects of these drugs. However, there is another important level of analysis with cancer research, which is based upon principles of transparency, traceability of technical dependencies and data flows, and accountability of medical professionals. Like many other forms of valuable data, such as intellectual property, military information, and other sensitive information with corporate, government, and research entities, threat actors are constantly engaged in looking for ways to gain this information. How can we truly measure the multiple levels of damage to the individuals impacted by having multiple sensitive data compromised? This is an area where more creative solutions and approaches are needed to bridge the gap by assisting the legal world in being able to truly understand the damages involved and in helping the medical community understand the true impact of financial and other long-term consequences for the medical patient.Ĭancer research is constantly under attack by state-sponsored actors as well as other threat actors because there is financial gain in introducing cancer drugs that are less expensive into the market. It is another example of cancer data being gathered by unauthorized sources and, once again, cancer patients had their protected health information and sensitive financial information breached along with PII. The recent LabCorp data breach not only compromised protected health information, but it also included payment information and other personally identifiable information. ![]() When we analyze and deconstruct the aforementioned data breaches, important questions need to be asked such as whether any early warning signs were missed, what additional security and technical measures are needed, what additional training, tools, and budgetary allocation are needed, and are we appropriately analyzing the ethical responsibility on the part of the entity breached? How are we fully measuring the impact of the data breach on the individuals impacted by the breach? Do legal remedies need to be adjusted to include individuals who were repeatedly breached with specific forms of sensitive data, including Personally identifiable information (PII), sensitive financial information, and protected health information? Will the statute of limitations need to be adjusted in dealing with long-term effects of various drug treatments and other procedures in the field of medicine? We know that some of these targeted attacks are state-sponsored by nations that are hostile to the US, but there are also rogue cybercriminals or the various consortiums of cybercriminals that work together to steal various data and sell it on the dark web or use it for other nefarious purposes. The Trend Micro breach was caused by insider threat and those who were English speaking had their data sold. This starts to get more complicated and even more disconcerting when we add compromise of social media accounts of those impacted by the OPM data breach as well as the selling of account holder information with those using Trend Micro Anti-virus. If we combine the sensitive data in the United States Office of Personnel Management (OPM) data breach with the Anthem Blue Cross Blue Shield, Equifax, Marriott, Quest Diagnostics, and LabCorp data breaches, then we see a pattern emerging of attacks on security clearance, financial, and health data. What is even more troubling is that there has been a persistent targeting and attacking of certain individuals with these breaches. We have already seen how some of the recent large data breaches have resulted in very significant compromises of personal data of citizens. ![]() Lynette Hornung ISU INFAS (Cybersecurity) and Political Science Alum
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |