Guest Editorial by Raj Ananthanpillai, Founder and CEO of Trua
When HCA Healthcare was hacked recently, the personal information of tens of millions of patients was compromised.
Soon after that breach, the information went up for sale on a data breach forum, demonstrating that hackers waste no time trying to profit from their criminal efforts.
It was a chilling scenario for anyone concerned about identity theft, but sadly, it wasn’t that extraordinary of an event.
Hacks happen often, personal information is exposed, and identity thieves celebrate their triumphs.
(Millions of people may be affected by a data breach through HCA Healthcare. There are five HCA facilities in Northeast Florida. Courtesy of NEWS4JAX and YouTube. Posted on Jul 11, 2023.)
Here’s the thing, though. We don’t have to throw up our hands in frustration at these breaches and accept them as one of the downsides of our technology-fueled world.
There is actually something that can be done to prevent this scenario from happening in the future. In fact, a couple of things.
One is that businesses should rethink what kinds of information they require of their customers and clients because they are obligated to protect it once they have that information.
But unfortunately, most businesses, no matter how conscientious, aren’t equipped to serve as a fortress against cyber criminals. This is why businesses should reflect seriously on what information they truly need from consumers and whether they are collecting some of that data simply as a means to verify someone’s identity.
In many instances, the business could avoid gathering the information and the headaches of guarding it. (There are exceptions. An employer needs the information for payroll purposes. Banks and credit card issuers also have a legitimate need for it.)
For health providers such as HCA, though, I would ask this question: Do you need to ask for Social Security numbers when patients have insurance, and you already have the insurance information?
Frankly, businesses need to investigate better ways to verify customer identities rather than gathering and storing information that they now must shield from hackers who crave that information and have several tricks for getting it.
Consumers could also help by asking why a business or organization needs the information, how it will be stored, and for how long.
They also should ask whether there are other options that don’t require them to provide their personally identifiable information (PII). (There are exceptions, as noted previously.)
The second thing that would help is for everyone to have a form of reusable verified digital identification. This identification would confirm the person’s identity without revealing Social Security numbers, driver’s license numbers, birth certificates, or any other information that cybercriminals want to get their hands on.
The consumer would provide their personal information only once for verification purposes when the digital identification is created.
After that, they would not need to provide it repeatedly each time they interact with a new business or government agency.
They would present the digital ID, and the business or agency would know the person’s identity had already been verified.
In this case, the specifics of Social Security numbers or other personal information would not have changed hands, reducing the odds that cyber criminals could get their hands on the information.
Until reusable verified digital identification is in widespread use, it remains up to businesses and individuals to thwart those cyber criminals by limiting the amount of personal information stored on servers.
The hackers can’t steal it from those servers if it was never placed there to begin with.
About the Author
Raj Ananthanpillai is Founder and CEO of Trua, a technology company that provides privacy-preserving identity and risk-screening platforms that assure trust and safety in digital environments, sharing economy, employment, and workforce screening.
Ananthanpillai has more than 30 years of experience building technology businesses, with successful exits. One of his companies was instrumental in developing TSA-Precheck, and other security threat-assessment programs for some U.S. intelligence agencies.
Ananthanpillai holds an M.S. in Engineering Physics and an M.S. in Electrical Engineering. In addition, he holds multiple U.S. patents and has authored two books.
Related Technologies…
CyberArk Identity Security Takes Platinum in 2023 ‘ASTORS’ Homeland Security Awards
American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program, and now entering its Eighth Year, continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.
CyberArk
Best Identification Management Solution
- CyberArk Identity Security Platform
- The CyberArk Identity Security Platform is an end-to-end identity access management solution that enforces privilege, enables access, and secures DevOps.
- The CyberArk Identity Security platform is centered on privileged access management and offers the most complete and flexible set of least privilege-based identity and access capabilities, and is used to protect agencies across all three branches of the U.S. federal government – including multiple Department of Defense deployments.
- CyberArk delivers a comprehensive privileged access management solution designed to eliminate advanced cyber threats by identifying existing privileged accounts across networks, then proactively managing, monitoring, and protecting those accounts to reduce risk and improve security and compliance.
- CyberArk continuously scans and monitors environments to discover and manage privileged credentials, isolates those credentials, so they are never exposed to an end-user, isolates privileged sessions to safeguard critical systems, and automatically records and stores those sessions to enhance audit capabilities.
(In today’s hybrid and multi-cloud world, where every identity represents a potential attack path to an organization’s most valuable assets, traditional network barriers are not enough to secure the perimeter. That’s the importance of a robust Identity Security strategy. See how your organization can embrace a Zero Trust approach to protecting an ever-expanding number and diversity of identities. Courtesy of CyberArk and YouTube.)
- *CyberArk was also recognized as a 2021, 2020, 2019, and 2018 ‘ASTORS’ Awards Champion in the Annual Homeland Security Awards Programs, respectively.