
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Happy Data Privacy Day

October is National Cybersecurity Awareness Month, but today – January 28 – is Data Privacy Day: An international day conceived as a way of improving awareness of privacy issues. It is a day when organizations in Europe and the United States recognize the importance of safeguarding data, protecting privacy, and building the trust of consumers (and patients).

Given the volume of healthcare records exposed in 2015 and the number of data breaches still being suffered by HIPAA-covered entities, this year Data Privacy Day is more important than ever before.

Happy Data Privacy Day – May the Next 24 Hours be Free of Privacy Breaches!

 

Data Privacy Day started in 2007 across the pond in Europe, where it is known as European Data Protection Day. 47 European countries honor the day and are involved in campaigns to raise awareness of data privacy issues and share information that can help corporations and individuals better protect stored and shared data.

Two years later, in 2009, the House of Representatives followed suit with a unanimous vote of 402-0 and also chose January 28 as a day to promote privacy matters and help organizations adopt better privacy practices.


Many organizations now take part in events, with the Online Trust Alliance using the day to launch a number of privacy initiatives.

The National Cyber Security Alliance, California Office of Privacy Protection, Identity Theft Council, Federal Bureau of Investigation, New York State Attorney General Office, Anti-Phishing Working Group, EDUCAUSE, Health Alliance Plan, Microsoft, Twitter, Intel, Google, VeriSign, and TRUSTe are just a handful of the organizations participating this year.

A Day to Raise Awareness of Privacy Issues and Get Employees to Adopt Good Privacy Practices

 

One of the major drives this year is increasing awareness of the issue of ransomware. Over the course of the past 12 months the number of reported cases of ransomware infections has grown substantially. Many U.S. businesses have been targeted with ransomware, and one of the major worries for 2016 is the targeting of healthcare organizations.

Cybercriminals use ransomware purely to make money, and while not all organizations feel they need to pay a ransom, many are left with no choice. Given the critical nature of healthcare data, it is feared that cybercriminals will increasingly target healthcare companies over the coming 12 months.

Ransomware gangs have shifted from a blunderbuss approach, intended to catch as many organizations and individuals as possible, to sniper attacks that pick out one or just a handful of targets. Targets are being selected based on the value of their data.

While the likes of CryptoLocker may have been used to extort a flat fee for a security key to unlock data, cybercriminals are now setting their prices based on a number of different factors, such as company size and perceived value of data. The cost to the healthcare industry would not only be financial. Ransomware has the potential to have a negative impact on patients.

Fortunately, healthcare organizations should be well prepared. It is a requirement of HIPAA to maintain backups to allow data to be restored; however, it is also essential that backups are tested to make sure data can be recovered. Data backup restorations are not always successful.

While protections should have been implemented to prevent data loss, preventing infection is essential to avoid downtime. Ransomware, like other forms of malware, is often delivered via email. Emails detailing FedEx packages that could not be delivered, fake PDF invoices from suppliers, security warnings, and a wide range of other scams have been designed to get users to open infected attachments and install the malicious software.

It is essential to ensure employees receive regular training on anti-phishing strategies and on how to identify scams and potential ransomware/malware. Data Privacy Day is a good time to consider scheduling your next set of staff training sessions.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
