Skip to main content
Advertisement
Home

Main navigation

  • Digital Issue Archive
  • Service Directory
  • Awards
  • Advertise
  • Subscribe now

Secondary

  • Travel Insurance
  • Policies & Partnerships
  • Travel Risk Management
  • Travel Trends
  • Hospitals & Healthcare
  • Industry Moves
  • Reviews
International Hospitals & Healthcare Part of the IH&H family
Part of the
IH&H family
International Hospitals & Healthcare
Hospitals & Healthcare

Industry Voice: Safeguarding sensitive healthcare data in a globalised world

Hospitals & Healthcare
4 Nov 2024 | Dominic Steptoe
Share
Security lock digital security

Dominic Steptoe, Chief Product Officer at BOXX Insurance, tells ITIJ about balancing the need for digital innovation with cyber risk and security when it comes to customer information – especially for medical assistance

Technology continues to revolutionise healthcare beyond cutting-edge research and high-tech lifesaving equipment. Healthcare sectors around the world are shifting to digitised medical records, integrated health information systems, and shared networks. For patients, this means improved accessibility, efficiency, and quality of care. It also means that highly sensitive data is being exchanged between healthcare providers across countries, over borders and between jurisdictions.

Transferring medical information introduces a host of risks and complexities that can compromise patient privacy, security, and even healthcare outcomes. Differences in data protection laws between countries could result in inadequate safeguards for transferred data. And where there’s vulnerable data, there are cybercriminals.

In 2022, global cyberattacks against the healthcare industry increased by 74%, and personal health information (PHI) outsells credit card details on the dark web. And yet, on average, healthcare providers allocate no more than 7% of their annual IT budgets to cybersecurity. It’s a significant gap that hackers are ready to exploit.

Cybersecurity in healthcare affects us all.  We need to understand what risks come with digitising and sharing sensitive medical information. What data privacy laws are in place? How is the healthcare sector protecting our data?  Do the benefits of integrated healthcare systems outweigh the risks to our privacy? These are very good questions. Let’s find out. 

Keep on reading

Businessman working on laptop

Cyber insurance market demand may rise as new threats emerge

Demand for cyber insurance is set to grow amid a spate of high-profile attacks, according to a new market report from Bloomberg Intelligence
9 Oct 2024
|
Chloe Fox
The rise of digitisation in healthcare

Digitisation brings many benefits to healthcare. Electronic health records enable providers to swiftly access patient information, enhancing the efficiency of care delivery.

Additionally, telemedicine platforms facilitate remote medical visits, improving access to healthcare services. However, the risks can’t be ignored. Medical data leaks, like unauthorised access to breast cancer records by hackers, show the dangers of storing and transmitting sensitive information online. As healthcare gets more connected, protecting patient privacy becomes crucial.

Cross-border risks in medical data transfers

Varying regulations and standards governing data protection and privacy in different regions could lead to potential legal and compliance challenges. For example, what happens if a patient undergoes medical treatment in one country but then seeks care or consultation in another? The transfer of their medical records from one healthcare provider to another may involve transmitting sensitive personal health information across borders. The risk of unauthorised access, data breaches, or misuse of patient information escalates. Cybercriminals may exploit vulnerabilities in the transfer process to intercept, steal, or manipulate medical data for malicious purposes, such as identity theft, financial fraud, or even extortion. A lack of harmonised standards for data encryption, storage, and access control across jurisdictions can make it very challenging to ensure the security and confidentiality of transferred medical records.

Cultural differences, language barriers, and disparities in healthcare practices between countries can pose additional challenges. Misinterpretation or miscommunication of medical information during the transfer process may lead to errors in diagnosis, treatment, or medication management, potentially compromising patient safety and wellbeing.

Advertisement
The risks of MFT and remote access software

In healthcare, managed file transfer (MFT) systems help hospitals share patient data between different places. This can mean thousands of daily transfers to banks, insurance companies, government agencies, and other hospitals or medical offices. It can also mean serious risks to cybersecurity.

In February 2023, a mass cyberattack on Fortra’s popular file transfer software, GoAnywhere MFT, led to the theft of personal and health data from millions of Americans, including  960,000 paediatric mental health patients.

In navigating the complex landscape of data privacy, it is essential for healthcare organisations to understand the regulatory requirements governing the protection of patient information

In February 2024, a cyberattack paralysed Change Healthcare – the largest billing and payment system in the US. As a result, thousands of providers were unable to secure insurance approval for services, from drug prescriptions to lifesaving surgeries, or receive payment for their services. Prescription drug supplies dried up and care homes closed. It’s reported that hackers exploited flaws in a remote access application called ConnectWise ScreenConnect to bring the healthcare giant to its knees. The total cost to the healthcare system and patients still remains to be seen.

Understanding data privacy laws and compliance

In navigating the complex landscape of data privacy, it is essential for healthcare organisations to understand the regulatory requirements governing the protection of patient information. One such piece of legislation is the General Data Protection Regulation (GDPR) which sets stringent standards for data privacy and security in the European Union (EU), particularly concerning medical data.

One of the key principles of the GDPR is the requirement for explicit consent from individuals for the processing of their personal data. This principle applies to medical information as well, ensuring that patients have control over how their sensitive health data is collected, used, and shared. Additionally, the GDPR mandates that organisations implement robust security measures to protect personal data from unauthorised access, disclosure, or alteration. And there are provisions for the cross-border transfer of personal data, allowing transfers to countries outside the EU only if adequate data protection safeguards are in place. This is particularly relevant to healthcare providers exchanging medical information internationally. 

Other countries and jurisdictions can look to the GDPR and other data privacy laws as a guiding framework for developing their own data protection laws and regulations, especially concerning medical information.

Keep on reading

Abstract image of cybersecurity

Cyber risk the primary global challenge for insurance industry, says GlobalData

Cyber risk is now deemed the most significant threat to the insurance industry, surpassing natural catastrophes and political risks, according to insurance insiders
24 Jul 2024
|
Chloe Fox
Precautions for patient data collection

To reduce the risks of data breaches, healthcare organisations should be proactive in safeguarding patient information. The Information and Data Protection Commissioner (IDPC) suggests using consent forms, privacy policies, and encryption methods to keep medical records safe from unauthorised access. Additionally, maintaining backup copies of medical data ensures that patient care can continue even if there are system failures or data losses.

It’s also important to provide regular training and awareness programmes for staff to foster a culture of data privacy and security within the organisation.

Mitigation strategies for data security

In addition to preventative measures, healthcare organisations should adopt mitigation strategies to enhance data security. These include:

  • Sharing data on a need-to-know basis
  • Implementing multi-factor authentication (MFA)
  • Conducting regular assessments of cybersecurity measures.

Partner review processes are also essential for evaluating the cybersecurity posture of third-party vendors and service providers.

By ensuring that all partners adhere to the same standards of data privacy and security, healthcare organisations can minimise the risk of data breaches and protect patient confidentiality.

Advertisement
Prevention and protection

For healthcare organisations, a thorough comprehension of data privacy requirements within their operational jurisdictions is paramount. Global variations in privacy laws necessitate a strategic approach, typically involving adherence to the most stringent standards, such as the GDPR. Notably, the GDPR stands out for its exhaustive provisions concerning the protection of medical data.

With the escalating cyber threats targeting this industry, it is imperative for healthcare providers to devise a robust security strategy

Moreover, cybersecurity holds immense significance in the healthcare sector. With the escalating cyber threats targeting this industry, it is imperative for healthcare providers to devise a robust security strategy aimed at bolstering prevention measures. In this regard, cyber insurance emerges as a crucial asset, offering financial recourse in the event of cyber incidents. Such insurance coverage extends to expenses associated with data breaches, regulatory fines, and legal fees. To maximise the efficacy of cyber insurance, healthcare providers should seek out policies that come equipped with cybersecurity services and expertise that focus on a prevention-led approach.

While digital innovation promises improved accessibility and efficiency, it also presents risks to patient confidentiality and data security. However, through proactive investments in cybersecurity infrastructure, adherence to data privacy regulations and by leveraging cybersecurity insurance, healthcare providers can manage risks to safeguard patient information effectively.

ITIJ November 286

November 2024
 Issue

This month we look at affinity partnerships and ask if online travel agencies are the perfect partners for insurers; we cover the trends around cruising in the Mediterranean; we delve into the specifics of the Austrian healthcare system; plus we examine international healthcare and technology, asking how far can technology go.

Read full issue

Dominic Steptoe

Dominic is responsible for setting BOXX’s global product strategy and leading marketing and communications across the company. Before joining BOXX, Dominic held senior product and marketing leadership roles at American Express, where he led both regional and global teams for 25-plus years, based in London, New York, Hong Kong, Singapore and Switzerland.

JCI launches global certification to standardise Centers of Excellence GettyImages-2229538647

JCI launches global certification to standardise Centers of Excellence

1 Jul 2026
Chloe Fox
Ebola vaccine

CEPI approves funds for Ebola vaccine development

3 Jun 2026
Oliver Cuenca
APRIL International retains top IPMI service rating for fifth consecutive year

APRIL International retains top IPMI service rating for fifth consecutive year

1 Jun 2026
Siân Yates
telemedicine laptop

South Korea to expand telemedicine services for foreign patients

1 Jun 2026
Oliver Cuenca
Hospitals & Healthcare Headlines
orient-insurance-and-allianz-partners-launch-sphera-international-healthcare-plans

Orient Insurance and Allianz Partners launch Sphera international healthcare plans

The plans, launched under the Sphera brand, are the product of Orient Insurance’s local knowledge, combined with Allianz Partners’ global healthcare expertise
29 May 2026
|
Oliver Cuenca
Medanta hospital expansion

Medanta Group outlines hospital network expansion plans

The healthcare provider is planning a major expansion of its facilities in the coming years, with five new hospitals planned in four Indian cities
28 May 2026
|
Oliver Cuenca
Italy investigates two suspected Ebola cases in Milan linked to Uganda aid workers

Two suspected Ebola cases in Italy linked to Uganda aid workers test negative

The suspected Ebola cases in Milan involving aid workers returning from Uganda underscore escalating cross-border transmission risks linked to the ongoing outbreak
26 May 2026
|
Chloe Fox
Anthropic and Gates Foundation launch $200m AI partnership focused on global health and education

Anthropic and Gates Foundation launch $200m AI partnership focused on global health and education

The new four-year partnership aims to expand access to AI tools and infrastructure across healthcare and education systems
26 May 2026
|
Siân Yates
Dubai UAE skyline night

UAE to build universal healthcare system

The system, which will be underpinned by a national health insurance scheme, aims to provide international-standard healthcare provision to all citizens
25 May 2026
|
Oliver Cuenca
test

The Red Cross has expressed condolences for three volunteers who died after contracting Ebola while handling bodies in the Democratic Republic of Congo

The Bundibugyo strain of Ebola – for which there is no approved vaccine or treatment – has been declared an international public health emergency by the World Health Organization
25 May 2026
|
Michelle Royle
Berlin partnership accelerates AI-driven shift in cardiovascular care

Berlin partnership accelerates AI-driven shift in cardiovascular care

A Berlin partnership aims to advance AI-driven cardiology, highlighting the growing role of predictive, connected care in cardiac disease management, and remote monitoring
25 May 2026
|
Siân Yates
Osaka big crab

Osaka reports high rates of unpaid medical bills from foreign visitors

The issue reported by the government of Osaka Prefecture reflects a broader issue for Japanese healthcare providers
23 May 2026
|
Oliver Cuenca
Read More Hospitals & Healthcare News
H&H February 2025

February 2025
 Issue

Offering readers a deep dive into the issues facing providers and payers of healthcare services around the world. Cost containment, international patient department development, the role of AI in healthcare delivery and more.

Read full issue

Hospitals & Healthcare Long Reads

Suitcase with sandals

Patients without borders

Global travel has rebounded from its pandemic slump – and medical tourism is no exception. IH&H explores the top destinations for cross-border care, and the treatments patients are seeking
1 May 2026
|
Editorial Team
Woman in airport

Canadian patients look abroad for healthcare relief

Milan Korcock shares details about Canadians bypassing domestic waiting lists and heading abroad for care, exploring why the trend is accelerating, which treatments are most affected, and how insurers are...
1 May 2026
|
Milan Korcok
Image of south korea landscape

South Korea’s medical tourism surge

Chloe Fox speaks to industry experts about South Korea’s rise as a medical tourism hub, the global demand for K-beauty and advanced treatments, and the patient-focused services shaping the sector’s...
1 May 2026
|
Chloe Fox
Singapre city skyline

Singapore’s IPMI shift: a blueprint for Southeast Asia’s healthcare future

Singapore’s regulatory adjustments, provider-payer collaboration, and emphasis on transparency offer practical lessons for healthcare systems in Thailand, Malaysia, Indonesia, and Vietnam as they navigate rapid private healthcare growth, medical inflation, and...
1 May 2026
|
Lauren Haigh
Landscape of India

A passage to India

For the citizens of India, and many expats, public healthcare provision can vary wildly depending on where they are. But what does the private healthcare landscape look like – particularly...
1 May 2026
|
Stefan Mohamed
Illustration of doctors

Safe and responsible adoption of AI in healthcare

David Qu explores how AI is transforming global healthcare, from patient care to drug discovery, while addressing data, bias, privacy, and ethical challenges
1 May 2026
|
Editorial Team
Doctors with graphs behind them

From cash pay to covered benefit: the rise of stem cell therapy in insurance

Jonathan Edelheit, CEO of Healthcare Revolution and Co-Founder and CEO of the Medical Tourism Association, shares how regenerative medicine is now sufficiently mainstream that insurers are changing their benefits structure...
1 May 2026
|
Jonathan Edelheit
Graphs and charts

UK wealth moves signal global shift in premium healthcare demand

Karim Idilby, Chief Growth Officer, AXA Global Healthcare, discusses shifting global wealth migration, the policy forces driving talent mobility, and evolving expectations for international healthcare
1 May 2026
|
Karim Idilby
Read More Hospitals & Healthcare Long Reads

Why subscribe to ITIJ?

In-depth analysis

In-depth analysis

Unique insights and expert opinions on the latest industry developments

A wider perspective

A wider perspective

Get the global view on the topics that are trending in your region

Breaking news

Breaking news

ITIJ.com has all the latest news relevant to travel insurance and IPMI professionals

Subscribe now
ITIJ IH&H

Footer menu

  • About Us
  • Subscribe
  • Advertise
  • Contact
  • Privacy Policy
  • Terms
  • Voyageur
International Travel & Health Insurance Conferences

Social

  • LinkedIn link
  • Twitter link

© Voyageur Publishing & Events 2026

Close