Hewlett Packard Enterprise (HPE) Security shared a June 2017 report from James Scott, Sr. Fellow, The Institute for Critical Infrastructure Technology (ICIT), entitled "The Necessity of Encryption for Preserving Critical Infrastructure Integrity." This powerful report states the following: "Lately, consumers have not been able to trust public or private entities to secure their data. Adversaries are irrevocably becoming more sophisticated, capable, and successful in their perpetual attempts to exfiltrate treasure troves of classified information, PII, intellectual property, etc. There are only two types of networks, those that have been compromised and those that are compromised without the operator’s awareness."
Scott goes on to explain that if organizations consider data valuable, they are instantaneously a target of hackers and others engaged in information theft. In the report, he indicates that, "The government sector is second only to the healthcare sector in system vulnerability and susceptibility to attack, as measured in total records breached." HPE CTO Rob Roy, is quoted, “Whether it is an insider, a contractor, or a nation state, data theft is rising to epidemic levels in government. Even if an agency is not aware of it, chances are high that data has been stolen or misused without their consent.” In the public sector, the report shows that the majority of, "security incidents resulted from attempts to secure legacy technology with increasingly inadequate network and endpoint security solutions such as signature driven antimalware, intrusion prevention systems, etc."
This raises significant ethical issues. According to Scott: "Intentionally leaving data unencrypted is naïve and negligent. It is akin to surrendering to the attacker because they circumvented the perimeter security and then rewarding them with the highest value commodity contained in the network; information which likely describes subjects who may not have even acquiesced to the collection, storage, transmission, or processing of their data." For the public sector, "Agency leaders must prioritize data protection and legislators must ensure not only that they are required to do so, but also that data are holistically and systematically protected at rest, in transit, and during processing on all agency and third-party systems such that even a sophisticated and persistent adversary that gains access to critical system or caches of sensitive information cannot leverage that access to inflict further harm by exploiting it against the public."
Derive Healthcare is the dedicated practice of Derive Technologies. With HPE and other complimentary partners -- Derive is a HPE Platinum Partner (as well as a HP Platinum Partner, Microsoft Gold Partner, and has strategic alliances with other healthcare-specific partners) -- collaborate to bring to organizations of many sizes, in the public and private sectors, particularly in Healthcare and Government, solutions to modernize technology paradigms to secure critical data, systems, online and cloud platforms and physical infrastructure.
Contact Derive Healthcare
Please contact Derive Healthcare to learn more about our comprehensive security practice, with services tailored specifically to different vertical industries/public sector organizations. You may call (212) 363-1111, or use the form on this page (please include "DERIVE HEALTHCARE SECURITY SOLUTIONS" in the form's comments), to reach a Derive Security Consultant.