Hello and welcome to this first lecture on Encryption of Digital Information in Healthcare. We will start off by defining what we mean by encryption. We'll then go through some key concepts related to encryption. We'll talk about encryption specifically in connected healthcare. We'll talk about the top healthcare security risks, we'll look at some statistics and then end with a quiz and recap.
Encryption is the process of taking plain text, like a text message or an email, and using an algorithm to change it into an unreadable format. This helps protect the confidentiality of the digital data which is stored on a computer system or transmitted over the internet. End-to-end encryption is the process of communication where only the users communicating can read the messages.
Now the data that is being encrypted can either be at rest, in use or in motion. Data at rest is stored on a computer or on a pen drive and perhaps on the cloud. Data in motion is the data moving over a private network or the internet. Data in use is that which is being accessed by someone for their personal use on their machine. In principle, this prevents potential eavesdroppers, which can include Internet providers, telecom providers, and other hackers that might be trying to eavesdrop on the conversation.
Now, encryption itself does not protect data, but has to be used along with other security mechanisms such as authentication, which is the use of passwords, and authorization, which ensures users have access to only that information that they need.
Cryptography and encryption are often terms that are used interchangeably. However, while encryption tends to be more algorithmic in nature, cryptography is the practice of using various methodologies to secure communication. Cryptography includes digital signatures, data integrity, and other techniques for secure communication.
Another concept that we need to learn about is keys.
Keys are the codes that are used to encrypt information into unreadable format and then decrypt it, which means changing it back into a human-readable format. There are various algorithms in use today such as RSA, DES, TripleDES, Twofish, which are used for encryption. In general, the longer the key, which is usually referred to as 64-bit, 128-bit, 256-bit, the harder it is to break the encryption. For example, 16 random characters are stored in 128 bits and this would take almost 500 billion years for modern hardware to break. That is why you see on websites that they ask you to create passwords that are at least eight characters, but often 12 characters and sometimes 16 characters long. The types of characters you are asked to use include uppercase, lowercase, numbers, special characters because all of this adds to the complexity.
A government security protocol we use today is HTTPS. We use this on websites when we are trying to pass information securely.
In healthcare, we are accessing and storing sensitive data such as patient names, social security numbers, credit card information, as well as their entire medical [inaudible] history, which can include their conditions, their medications, their diagnostics. We certainly do not want these to fall into the wrong hands.
Healthcare is now moving to what is called connected healthcare, a model that uses technology to provide accessible health care for patients and to share information both internally as well as externally. What does this include? This includes electronic medical records, which is patient information, patient portals to share patient labs, diagnostics and other sensitive information, wearable devices to collect information on patient health, in-home devices for remote monitoring of patient vitals, mobile applications for communication between providers and patients, and telemedicine and telehealth for remote doctor consultations.
Due to this, sensitive data is replicated in many different places and is also passing over the network. Hence, encryption becomes even more important as this makes us more vulnerable to hackers.
Let's look at some of the top security health threats. The first one is mobile devices. Doctors, nurses, hospital staff all use tablets and mobile devices and of course, patients and visitors do as well, which means that these are all potential threats for security breaches.
The second is employees with malicious intent. According to Becker's Hospital Review, 15 percent of security breach incidents in the healthcare industry in 2013 were caused by insiders misusing the system. Some people even get jobs with healthcare just to hack into health care systems to get access to sensitive patient information. Because of this, hospitals often monitor download of data and carry out audits regularly to protect the system.
Another problem is sometimes there are just mistakes that are made by employees. It is not always people who are out to do harmful things that compromise healthcare. Becker's Hospital Review found that in 2013, unintentional staff actions caused a compromise in patient data security of 12 percent. These mistakes can be as simple as misplacing a patient's file or their information being deleted by accident when a computer is disposed of.
Another system is the supply chain with vendors. Hospital systems are connected to distributors of arithmetical products such as medication, supplies, food. This data can be intercepted by hackers.
A study in the Annals of Internal Medicine found that health security information of approximately 169 million Americans was compromised at 1,388 entities between 2009 and 2019. 66 percent of the breaches involved sensitive demographic information such as social security numbers. 65 percent of the breaches exposed general medical or clinical information, and 35 percent of the breaches compromised service or financial information.
Let us examine some of the motivations for this. Malicious hackers often: One, sell this information to people who can misuse this information. For example, identity theft. A recent study found that banking login credentials can fetch anywhere from $200 to $500 on the dark web. EHRs, which are your electronic health records, can cost up to $1,000. Hackers may also be able to hack into systems and alter records of patients. They might try and hold organizations hostage for a ransom. While there may be financial motivations, often it may be just them wanting fame in the trade.
Now let's go through a short quiz to look through what we've learned so far.
The first question is data passed through forms on websites cannot be made secure. Is this true or is this false? The answer? You got it. It's false. We can use HTTPS protocols when we are sending it over the web.
The second question is, is it possible to protect data in motion, but not data at rest? The question here has responses of a, true and b, false. Again, good job. You are right. This is false. Data in motion and at rest can be protected.
The third question is, what are some of the top security risks? The first is mobile devices, mHealth, the second answer is misuse by insiders, the third is mistakes by employees, and d is all of the above. Super job. You are right. It's all of the above.
Now let's do a quick recap of what we have discussed. Encryption is the process of taking plain text like a text message or an email and using an algorithm to change it into an unreadable format to protect our private data which includes patient records, their demographics, and their financial data. Encryption is very important for connected healthcare which causes the data to be copied in many different places and there's a lot of data that's moving around between different systems.
Healthcare threats can come from many different places including insiders who either knowingly or unknowingly access sensitive data, mobile devices that are used by all of us, and of course, the connected supply chain with vendors to the hospital. Thank you very much.