Study: Health industry worst to shield data
The federal government is best at protecting consumer data and the health care sector is the worst, according to a new study by the not-for-profit Internet Society’s Online Trust Alliance.
The 10th annual Online Trust Audit and Honor Roll analyzed more than 1,200 consumer-facing websites to determine which industry values security and privacy the most.
Here’s how the seven industries the Online Trust Alliance examined ranked:
❚ U.S. government: 91% of audited U.S. federal government sites made the honor roll.
❚ Consumer services (from social media to travel-booking websites to taxprep services): 85% ❚ News and media: 78% ❚ Banks: 73% ❚ Internet retailers: 65%
❚ Internet service providers, carriers, hosters and email providers: 63% ❚ Health care: 57% The health companies include pharmacies, health insurers, hospital systems and genetic-testing businesses.
The Online Trust Alliance evaluated the websites based on how well they protected their email, whether they encrypt sessions with users and what they say in their privacy statements.
“What do you collect, what do you do with it and who do you share it with?” said the group’s technical director, Jeff Wilbur. “By far, the biggest tactic bad guys use is someone steals your credentials. Email represents a starting point of 90% of attacks.”
The Online Trust Alliance’s overall list of the most vigilant about protecting consumer data includes the Federal Emergency Management Agency, Paypal, the First National Bank of Omaha and Dna-testing company 23andme. Ranked first on the list was Google Play.
USA TODAY is on the Online Trust Alliance’s news and media industry’s honor roll.
This year marked the first time the survey included the health care sector, but according to Wilbur, it’s a vital industry. A person’s private medical data could be used for everything from blackmail to insurance fraud.
“Hackers prize medical information to round out the profile of individual they already have information on,” he said. “It makes it worth more when they sell it. It gets to the person more deeply.”
But there’s plenty of exposure all around and with that, victims. For example, in March, the parent company of the Planet Hollywood and Buca di Beppo restaurant chains said diners’ credit and debit card information may have been exposed and in December, the question-and-answer website Quora said a data breach could have affected 100 million users.
David Holtzman has been ensnared in three data breaches – the 2015 U.S. Office of Personnel Management breach from his days as a federal-government employee, the 2017 Equifax breach after he’d applied for a home mortgage and the Marriott breach, the result of two decades as a hotel guest.
“I feel like I can’t protect my funds and my identity. I’m very fearful of what this portends,” said the 60-year-old health-information privacy attorney from Germantown, Maryland.
Holtzman has put credit freezes on his accounts, and remains vigilant about monitoring day-to-day activity in his banking accounts and 401(k).
“As a consumer, the only way I can access my money and monitor my financial well-being is by conducting it through the Internet – the same Internet that was used by hackers to steal my information.”