Hello and welcome to this lecture on encryption of digital information and healthcare Part 2. What we first do is just take a look at what we covered in encryption Part 1, then we go through a case study of how encryption is used at a large healthcare institution. We'll talk about what can go wrong if you don't use encryption. We'll then provide some guidance for healthcare employees. Then finish off with a quiz and a quick recap of what we've learned today.

Just a quick recap of what we discussed in Part 1. Encryption is the process of taking plain text like a text message or an email and using an algorithm to change it into an unreadable format to protect our private data, which includes our health information, demographics, financial data, insurance information. Encryption is important for connected healthcare which causes the data to be copied at different places with a lot of data moving around between different systems. Healthcare threats can come from many places, including insiders who either knowingly or unknowingly access sensitive information, mobile devices that are used by all of us, including healthcare personnel as well as patients and the supply team connecting vendors to the hospital.

Let's go through a short case study on Johns Hopkins Medicine. Johns Hopkins Medicine is a well-known teaching hospital and research facility. Johns Hopkins Medicine has six academic centers. They have four suburban healthcare and surgery centers, 40 patient care locations, a homecare group, and an international division. All of these offer an array of healthcare services. There are some 40,000 employees and thousands of guests that use their network daily. There are nearly 100,000 smartphones, computers, and all devices in use. The cybersecurity team estimates that there are 3-5 million potential intrusion attacks blocked daily, with about 20-30 that need to be investigated. Ninety-nine percent are automated threats looking for vulnerabilities in the Internet.
A substantial number are what we call command and control from internal systems that can steal data, spread malware, and disrupt web services. Given the magnitude of this threat, obviously there's a team that works to protect the systems. There are also policies and procedures as well as extensive training for employees. The system is audited and tested regularly to find potential ports. All laptops with sensitive information are encrypted. The Windows laptops are encrypted with Microsoft's BitLocker Drive Encryption, and Macs are encrypted with Apple's FileVault 2. EMRs are protected using attribute-based encryption on mobile devices. This means that the key is dependent on the attributes in the records, such as the location, making it much harder to break. All the media is encrypted including USB, email, and critical databases. Also, all the data that's in motion is encrypted.

As we know, we need to be defensive and add protection where we can. Let us examine some scenarios where things would be much worse if we didn't have encryption. What if a healthcare provider's phone, laptop, or USB drive is stolen and there is no encryption? The hacker can then access patient information, perhaps cutting-edge research. What if there's a malware attack on a hospital's internal systems and millions of records are stolen? What if someone hacks into a call between a patient and a doctor where they are being told about a sensitive health problem? An intruder could even potentially get into Epic or Cerner, which is the electronic health system that is used at large hospitals, and change the information that is there for patients. Because of all these potential threats, a proactive approach that includes various types of security including encryption is the best way to protect sensitive data, be it in motion or at rest.

Healthcare companies spend a significant amount of time training their employees on security procedures. We need to take this seriously.
Here are some important guidelines that we need to follow. Ensure that you are only using the organization's authorized laptops and smartphones to access sensitive data. Do not leave your devices in the car or public places where they may get stolen. Try not to use your laptop in public places such as airports as there is a much greater chance of a hacker getting into it. Ensure that you use a strong password to protect information. Most organizations often ask you to change this every 3-6 months to ensure protection.

Now let's go through a few simple quiz questions. The first one is, Johns Hopkins experiences about 25-30 attacks daily that need to be investigated. Is this true or false? The answer is true, you are right. It is in the region of 25-30 attacks that need to be investigated.

The next question is, encryption does not protect data on a smartphone. Is this true or is it false? The answer is false, you are absolutely right. You can definitely encrypt data that resides on your smartphone, be it an Android device or an Apple device.

The next question is, what if a healthcare provider's office laptop is stolen and the hospital discovers that it was unencrypted? A, they don't need to worry as the doctor had protected the machine with a password. B, they don't need to worry as the data is copied to the server. C, they may have to pay huge fines. And you are absolutely right. The answer here is they may have to pay huge fines.

Finally, let's do a little recap. Large healthcare institutions like Johns Hopkins Medicine experience 3-5 million attacks daily. While a lot of these are stopped, there's always some probability that a hacker will be able to break through. Hence, it is important to ensure that all data at rest and in motion is encrypted. Even if they access it, they will not be able to read it. In a world without encryption, there would be large-scale medical identity theft, insurance fraud, and exposure of private information of patients.
This concludes the lecture. Thank you very much for your time.