Happy Data Privacy Day
October is National Cybersecurity Awareness Month, but today – January 28 – is Data Privacy Day: an international day conceived as a way of improving awareness of privacy issues. It is a day when organizations in Europe and the United States recognize the importance of safeguarding data, protecting privacy, and building the trust of consumers (and patients).
Given the volume of healthcare records exposed in 2015 and the number of data breaches still being suffered by HIPAA-covered entities, this year Data Privacy Day is more important than ever before.
Happy Data Privacy Day – May the Next 24 Hours be Free of Privacy Breaches!
Data Privacy Day started in 2007 across the pond in Europe, where it is known as European Data Protection Day. 47 European countries honor the day and are involved in campaigns to raise awareness of data privacy issues and share information that can help corporations and individuals better protect stored and shared data.
Two years later, in 2009, the House of Representatives followed suit with a unanimous vote of 402-0, also choosing January 28 as a day to promote privacy matters and help organizations adopt better privacy practices.
Many organizations now take part in events, with the Online Trust Alliance using the day to launch a number of privacy initiatives.
The National Cyber Security Alliance, California Office of Privacy Protection, Identity Theft Council, Federal Bureau of Investigation, New York State Attorney General Office, Anti-Phishing Working Group, EDUCAUSE, Health Alliance Plan, Microsoft, Twitter, Intel, Google, VeriSign, and TRUSTe are just a handful of the organizations participating this year.
A Day to Raise Awareness of Privacy Issues and Get Employees to Adopt Good Privacy Practices
One of the major drives this year is increasing awareness of the issue of ransomware. Over the course of the past 12 months, the number of reported cases of ransomware infections has grown substantially. Many U.S. businesses have been targeted with ransomware, and one of the major worries for 2016 is the targeting of healthcare organizations.
Cybercriminals use ransomware purely to make money, and while not all organizations feel they need to pay a ransom, many are left with no choice. Given the critical nature of healthcare data, it is feared that cybercriminals will increasingly target healthcare companies over the coming 12 months.
Ransomware gangs have shifted from a blunderbuss approach, intended to catch as many organizations and individuals as possible, to sniper attacks that pick out one or just a handful of targets. Targets are being selected based on the value of their data.
While the likes of CryptoLocker may have been used to extort a flat fee for a security key to unlock data, cybercriminals are now setting their prices based on a number of different factors, such as company size and perceived value of data. The cost to the healthcare industry would not only be financial. Ransomware has the potential to have a negative impact on patients.
Fortunately, healthcare organizations should be well prepared. It is a requirement of HIPAA to maintain backups to allow data to be restored; however, it is also essential that backups are tested to make sure data can be recovered. Data backup restorations are not always successful.
While protections should have been implemented to prevent data loss, preventing infection in the first place is essential to avoid downtime. Ransomware, like other forms of malware, is often delivered via email. Emails detailing FedEx packages that could not be delivered, fake PDF invoices from suppliers, security warnings, and a wide range of other scams have been designed to get users to open infected attachments and install the malicious software.
It is essential to ensure employees receive regular training on anti-phishing strategies and on how to identify scams and potential ransomware/malware. Data Privacy Day is a good time to consider scheduling your next set of staff training sessions.