Iowa’s Data Privacy Day Aims to Open Eyes to Vulnerabilities of Health Data, Says Rebecca Herold


The Privacy Professor® provides an infographic in support of Iowa's Data Privacy Day

To a cybercriminal, medical and health data is 10 times more valuable than a credit card number.

Just as retailers and banks are closing security gaps to keep hackers from penetrating their systems, healthcare organizations and their vendors, as well as those building and selling health devices directly to consumers, must build in better privacy controls to keep health information secure. This is one of several calls to action Des Moines’ Rebecca Herold is making in advance of this year’s Iowa Data Privacy Day.

Herold – a data security and privacy expert who consults with organizations around the world and co-founder of SIMBUS360 security and privacy services – is also a part of the Iowa Health Information Network Privacy & Security Workgroup. The group is working to develop a statewide Security Incident Response Plan to investigate, respond to and report security incidents related to the Iowa Health Information Network.

Gov. Terry Branstad has proclaimed Thursday, January 28, 2016, the seventh annual Data Privacy Day in the state of Iowa to coincide with International Data Privacy Day. This day marks an important opportunity to encourage Iowans to be aware of data privacy concerns in today’s digital, and increasingly connected, society and to take steps to protect personal information.

Internationally recognized as The Privacy Professor, Herold believes Iowa’s Data Privacy Day will inspire individuals and businesses to take privacy seriously and execute actions to preserve it. This year’s focus on medical and health data privacy and security stems from what Herold describes as disturbingly insecure healthcare environments and an often nonchalant view of vulnerabilities among healthcare entities and the patients they serve. Additionally, the number of health tracking and monitoring devices sold directly to consumers is quickly expanding. Often these devices, such as fitness and diet trackers, are used without any healthcare provider involved.

“Consumers are becoming increasingly aware of the threat facing their health information,” said Herold, who cites a recent survey she conducted in which more than a third of respondents said they are “not confident at all” their healthcare provider is appropriately safeguarding their patient information. “That’s likely due to news coverage of things like email phishing attacks and medical data breaches. However, not many people are thinking about the ‘legitimate’ ways their information is being widely shared by well-intentioned professionals, healthcare vendors and connected gadgets.

“The Internet of Medical Things is not on the radar of most Americans,” continued Herold. “In an increasingly connected society, where everything from your fitness band to your smart car are monitoring your body’s function and performance, the risks are coming from many different places. It can be hard to keep track of the risks.”

To open more eyes to the threats posed by the Internet of Medical Things, Herold has developed an infographic enumerating the ways in which health data is collected and shared, often through unencrypted or other insecure means. The infographic takes a look at the following threats and more:

  • Wearables: 500 million users’ health data at risk from unauthorized smartphones that can easily connect to unsecured fitness bands and access clear text health data.
  • Smart Cars: Connected car technologies will communicate “total impairment scores” to insurance companies.
  • WiFi Tracking: Frequencies allow humans to be seen behind walls and provide means for the detection of respiration and heart rates.
  • X-Rays/Imaging: Connected medical equipment transmits patient data across the web, often without encryption.
  • BYOD: Healthcare staff connect their unsecured personal devices to hospital networks, exposing patient data via vulnerable WiFi connections.
  • Drug Pumps: Drug libraries open to hackers who can remotely change values to set fatal doses.

Herold encourages all consumers to ask the healthcare entities with which they do business how their data is secured. Just as important, she says, is reading and understanding the privacy policies that come with ‘smart’ gadgets and other connected technology. Herold believes all patients and consumers have the right to demand that the collection and sharing of their information be as secure as possible, as well as to demand transparency about how their data is used and with whom it is shared.

Rebecca Herold is an Iowa-based information privacy, security and compliance expert, author and educator. Herold has provided services and products to organizations throughout the world in a wide range of industries for more than two decades. Her Privacy Professor business has assisted a variety of healthcare and other organizations for the past 12 years. She recently launched SIMBUS360, a cloud-based technology service to provide organizations of all sizes, from one-person shops to large multinational organizations, effective information security, privacy and compliance management programs. Herold is widely recognized and respected; she was named a Privacy by Design Ambassador and declared the “3rd best privacy advisor in the world” by Computerworld.



# # #


Contact Author

Kelly Moore
KMC (for Rebecca Herold)
+1 (515) 720-9670

Rebecca Herold

(515) 491-1564