Opinion

Encryption Is the Digital PPE the Health Care Industry Needs Now

A lack of personal protective equipment and ventilators is top of mind for doctors, nurses and hospital administrators on the front lines of the COVID-19 pandemic, and for good reason – lives hang in the balance each minute of each day. But that’s not the only challenge straining health care providers still grappling with the outbreak of COVID-19 across the country.

Cybercriminals have found a new goldmine in the increasing amounts of health data online, and the recent surge in attacks points to massive security gaps with both providers and patients.

However, the rise in criminal activity is not entirely surprising considering the vast amount of health data online. Telemedicine is also increasingly supplementing a traditional visit to the doctor’s office. Many U.S. hospitals now rely on digital records. And with companies racing to develop contact tracing and other health tracking apps, the sheer volume of data being generated is hard to grasp.

The threat is so dire that in a rare announcement last month, cybersecurity officials in both the United States and the United Kingdom warned that national and international health care organizations should brace for cyberattacks during the COVID-19 pandemic. In addition, the CyberPeace Institute has put out a call for governments to work together to address cyberattacks on health care, which is rapidly becoming the No. 1 target for cybercrime.

The good news is digital protective equipment for our health care system already exists, and it can be used by anyone — encryption.

Encryption is an important technology that helps internet users keep their information and communications confidential and secure, and serves a crucial role in reinforcing the personal security of billions of people every day.

Encryption can help the health care industry boost its digital security practices in two ways. The first is protecting “data at rest” (e.g., data stored on hospital servers) by encrypting stored data so that even if it’s breached it will be useless to the attacker. Encryption can also protect “data in motion,” which is crucial to keeping telemedicine communications between doctors and patients confidential. Strong encryption is vital to protecting the data and records from bad actors.

End-to-end encryption provides the highest level of security. It not only protects the communication from interception by bad actors, but also prevents the company providing the video conferencing service from accessing that communication. The only two parties that should have access to a telemedicine treatment session are the doctor and the patient.

But while encryption is vital to the integrity of the health care industry, some governments are trying to undermine it.

This is why we have joined forces with other forward-leaning organizations to form the Global Encryption Coalition, to advocate strongly against government attempts to weaken encryption. We also call on governments to promote digital security by proactively deploying strong encryption and employing privacy-by-design principles in the design and implementation of digital technology solutions for health and telemedicine.

Weakening encryption would open Pandora’s box for potential criminal activity and could have devastating consequences for the personal security of billions of people and for industries trying to navigate a global health crisis. Breaking encryption, even with the best of intentions, puts all digital infrastructure at risk.

Both the executive order on Section 230 that President Donald Trump signed last week and the EARN IT Act – legislation before the U.S. Congress that some critics have dubbed the “anti-encryption bill” – contain dangerous flaws and attempts to undermine encryption. However, the Invest In Child Safety Act aims to solve the same problem as the EARN IT Act, combatting online child exploitation, but without threatening encryption.

The most effective way to ensure the security of our health information is to adopt and preserve uncompromised, end-to-end encryption practices, as well as the policies that support them. We look forward to working alongside leaders in the Global Encryption Coalition to ensure strong encryption for people and industries alike.

Kenneth Olmstead is a senior adviser on internet security & privacy at the Internet Society. Greg Nojeim is the director of the Freedom, Security & Technology Project at the Center for Democracy & Technology. Charles Bradley is the executive director of Global Partners Digital.
