As the Encryption Working Group (EWG) explained in their recent report, there is no universal answer to whether data encryption should be utilised by the government or other organisations.
In their report, the EWG made the following observations on data encryption:
– Any measure that makes encryption weaker works against the national interest.
– Encryption technology is widely available around the world and is a global technology.
– There is no one-size-fits-all solution to the encryption challenge.
– Cooperation between technology companies and the law enforcement community should be fostered by Congress.
The report also touched on data security, noting that the increasing use of encryption can at least partially be attributed to heightened consumer awareness of, and interest in, privacy and data security.
Currently, HIPAA rules state that encrypting health data is “addressable” and not “required”. Still, health organisations should not ignore the encryption of health data or assume that they do not have to encrypt it.
Among the other ideas presented in the report was legal hacking, a term used when a law enforcement agency takes advantage of a digital security vulnerability in a device or service in order to obtain evidence of a crime.
A similar approach could be used in healthcare. A provider could, for example, send out fake phishing emails to see whether their employees would fall victim to them. Apart from that, traditional penetration testing is also a valid step.