About Data Leaks

Data leaks have made headlines in politics and economics, but they may also have a negative impact on scientific science. Access to early research data can sway doctors' conclusions, influence self-reported information from study subjects, and even decrease patient retention if the drug seems to be lacking. With the existing state of affairs, some analysts believe that the best way to reduce the possibility of such data leakage is to implement international protocols for working with provisional findings. The value placed on interim data grew in the early 1990s, when the US Food and Drug Administration (FDA), partly in response to the urgent need for HIV/AIDS therapies, began offering the option of an ‘accelerated approval’ pathway for new drugs by using information gathered before the conclusion of a clinical trial. Drugs for serious diseases can now be marketed after interim data predict clinical success, after which the study continues in order to confirm that the anticipated positive results bear out.

Paraphrase Practice source 1

In the recent past, data leaks have significantly affected the financial and political field, and its negative impacts have also spewed to the biomedical sector. In the event of leaked early trial results, for instance, repercussions such as a decline in patients’ retention and biased conclusions by the medical practitioners may be witnessed (Bloudoff-Indelicato, 2015). One of the proposed measures aimed at dealing with the risks of data leaks is the implementation of international policies that will promote efficiencies in handling preliminary results. Interim data gained significance in the early 1990s and was promoted by the US Food and Drug Administration, and this gave leeway for the marketing of drugs for serious diseases (Bloudoff-Indelicato, 2015).

Source 2: Secure-System excerpt

Measuring timing makes it possible to perform side-channel attacks across a network instead of requiring that the target equipment is in the hands of the hacker. Some network services tend to be highly vulnerable. “Web API keys are places where developers commonly perform comparisons insecurely,” says Joel Sandin, a security consultant at Matasano Security who worked with Mayer on side-channel analysis research. The Matasano researchers and others have confirmed that statistical analysis can help the attacker to discern data-dependent changes in execution time, although actual exploitation is not straightforward as there is no direct way to separate application execution time from network latency. “With a remote-timing attack, we can’t measure execution time directly; we can only measure round-trip time,” says Sandin. Algorithms can be written to avoid giving away information easily, but power and electromagnetic emissions provide more subtle clues about the data being processed, even if the application designer takes precautions. Some attacks focus on the differences in the complexity of logic blocks used to perform cryptographic operations.

Paraphrased practice source 2

In the quest for the performance of side-channeled attacks within a network, it is advisable to use measuring timing rather allowing hackers to carry out the activities. According to Joel, Web API Keys tend to be vulnerable, and it requires the IT experts to be cautious when handling it (Edwards, 2015). According to Matasano Security, statistical analysis is critical in allowing attackers to use execution time in discerning data-dependent changes which may at times fail. Writing of algorithms is essential in avoiding ease in access to information from intruders. However, electromagnetic emissions and assessments of variations in the difficulties of logic blocks may be applied by attackers to hack the system and access data information (Edwards, 2015).

Source 3: Prevention of data leaks

Under national privacy laws like Gramm-Leach-Bliley or HIPPA, companies may have an obligation to mitigate known harmful effects flowing from data security breaches, but except in the instance of medical privacy, there isn’t an express mandate they give notice of security breaches to consumers. Since late 2009, notifications must be given regarding data security breaches related to healthcare information as a result of the HiTECH Act and HIPAA breach notification requirements. Collection agencies and debt buyers are directly regulated under the GLBA. Companies that handle medical receivables are regulated as business associates under HIPAA. Nonetheless, to ensure creditor clients remain confident that collection agencies are trustworthy handlers of sensitive consumer information, collection agencies must navigate a steady course through the various state data breach laws and plot a responsible action plan.

Paraphrase practice: Source 3

According to the regulations stipulated by the Gramm-Leach-Bliley or HIPPA, companies are obligated to come up with measures that can be vital in mitigating data security concerns. The rule only hardly applies in the event of medical privacy (Bender, 2016). The HiTECH Act in conjunction with the HIPAA has since 2009 been on the frontline in ensuring that data security breaches are addressed. GLBA is mandated with the role of regulating debt buyers and collection agencies while business associates are under the control and regulation of HIPAA (Bender, 2016). Responsible action plan is, however, instrumental in fostering creditor client confidence and trust on collection agencies’ ability to handle sensitive customer data and information.

Source 4: Security Intelligence

DLP has finally evolved to become an important component of broader security architecture. Through deep content inspection and a contextual security analysis of transactions, DLP technologies serve as the enforcers of data security policies and provide a centralized management framework designed to help detect and prevent the unauthorized disclosure or transmission of sensitive information. DLP protects against mistakes that lead to data leaks and intentional misuse. As organizations recognize the growing risk of data loss and the importance of data protection, DLP solutions become more attractive. Although most organizations express an awareness of DLP capabilities, they struggle to make the business case for the product’s adoption, and achieving project buy-in from executives is a key first step to any security endeavor.

Paraphrase practice: Source 4

Data Loss Prevention has over the years gained a lot of significance and is currently a vital element in matters pertaining security. DLP technologies are instrumental in the enforcement of data security policies and prevent unauthorized access to the information systems (Evans, 2017). Organizations and individuals in the modern world have embraced DLP that has improved the protection against errors that may end up leading to data leaks. With the full view of some of the negative effects that the companies may have to face in the event of data loss, they have had a full view of the essence of Data Loss Prevention integration (Evans, 2017).

Source 5: Data breaches in health sector

The health care sector of our economy accounted for 34.5 percent of all reported data breaches in 2016, according to a report from the Identity Theft Resource Center (ITRC) and CyberScout. Health care was the second-most victimized part of our economy, with only the business sector suffering more data breaches. Business reported 494 data breaches, compared to 377 reported in the health care sector. No other sectors of our economy were even close to business and health care, though, with education coming in third (98 reported breaches) and government/military (72 reported breaches) rounding out the top four. The biggest culprits in data breaches in the health care sector in 2016 were employee error and mistakes by subcontractors, business associates and third parties. There were 43 instances of employee error causing a health care data breach in 2016, with almost 1.2 million records exposed. There were 16 health care data breaches due to subcontractor or third parties, with a stunning 4 million records exposed.

Paraphrased practice: Source 5

The report by Identity Theft Resource Center and CyberScout stated that, of the 2016 data breaches cases, the health sector accounted for 34.5%. The sector was the second most affected after the business industry that reported the highest number of data leaks cases. Some of the factors that contributed to data breaches in the healthcare sector included workers’ errors and mistakes that were made by subcontractors and the third parties (Health Care Sector a Top Victim of Data Breaches in 2016, 2017). The number of reported employee errors was 43 which ended up leading to data leaks and breaches while 16 healthcare data breaches were also reported as a result of subcontractors and the third parties.

References

Bender, L. (2016). Preventing Data Leaks. Practical Data Security Advice For Creditors And Collectors, 1-5. Retrieved from http://file:///C:/Users/user/Downloads/Preventing_Data_Leaks..pdf

Bloudoff-Indelicato, M. (2015). Threat of interim data leaks prompts call for international rules. Nature Medicine, 21(3), 200-200. http://dx.doi.org/10.1038/nm0315-200

Edwards, C. (2015). Secure-system designers strive to stem data leaks. Communications Of The ACM, 58(4), 18-20. http://dx.doi.org/10.1145/2732477

Evans, B. (2017). A Business Case for Data Loss Prevention. Security Intelligence. Retrieved 6 October 2017, from https://securityintelligence.com/a-business-case-for-data-loss-prevention/

Health Care Sector a Top Victim of Data Breaches in 2016 | National Association for Home Care & Hospice. (2017). Nahc.org. Retrieved 6 October 2017, from http://www.nahc.org/NAHCReport/nr170202_1/