'Visual hacking' a big concern for healthcare, 3M report says
Healthcare organizations are bulking up their privacy protections with firewalls, encryption, data loss prevention software and more, but the much lower-tech visual hacking threat is still a concern, according to a new 3M educational campaign.
Visual hacking is the viewing or capturing of private, sensitive or confidential information on a screen device, workspace or copier for unauthorized use, and it's something healthcare organizations should be protecting against, 3M said.
Computer screens display sensitive information that could be easily compromised with the snap of a smartphone camera. Login credentials, personal health information and more are at risk of being compromised.
[See also: 7 largest data breaches of 2015.]
"Visual hacking can target any industry but may be especially dangerous in healthcare and financial industries, given the sensitive information involved in nearly every customer interaction and the desire for malicious parties to obtain it," said John Brenberg, information security & compliance manager at 3M, in a statement.
Brenberg is a member of the Visual Privacy Advisory Council, a panel of privacy and security experts drawn from business and government entities.
The 3M campaign aims to help IT and security professionals better understand where their data privacy vulnerabilities are, and how to address them.
Information security spending will reach $75.4 billion in 2015, according to Gartner – an increase of 4.7 percent over 2014. But 3M officials said that still leaves certain areas vulnerable.
3M recently sponsored visual hacking experiment in conjunction with the Ponemon Institute. It found that a white hat hacker was able to gain access to participating companies and visually hack sensitive information in 88 percent of attempts.
[Like Healthcare IT News on Facebook]
3M points to a 2015 report by Forrester Research that recommends using applications to mask high-risk data, and or privacy filters to shield data from onlookers.
"Data is the lifeblood of today's digital businesses," according to the report. "Protecting it from theft, misuse, and abuse is the top responsibility of every security and risk leader. Hacked customer data can erase millions in profits, stolen intellectual property can erase competitive advantage, and unnecessary privacy abuses can bring unwanted scrutiny and fines from regulators while inflicting reputational damage."