nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Who Is the Attacker - Analyzing Data Protection Violations in Health Care

verfasst von : Ramona Schmidt, Ina Schiering

Erschienen in: Privacy and Identity Management. Sharing in a Digital World

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Every natural person has the fundamental right of protection in relation to the processing of their personal data. The General Data Protection Regulation (GDPR) is the legal basis for data protection in the European Union. One aspect of the GDPR is that violations of this regulation can lead to significant fines. To ensure data protection, controllers have to analyse and mitigate the risks to the rights and freedoms of data subjects. Many different stakeholders and organisations with or without malicious intentions can pose a risk in this sense. Overall, it is important to know who the attackers actually are and understand the context of potential violations. To this end we analyse data protection violations in the health care sector between July 2018 and March 2023 based on fines imposed under GDPR to identify stakeholders who pose a risk to the data subjects as well as their motives. Surprisingly, it appears that the controller is by far the most frequent perpetrator of a data protection violation while their motives are often just negligence. Insiders like employees often cause a personal data breach accidentally. Measures to enhance competence and awareness are of major importance to foster the compliance with data protection regulations.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Walk in the Labyrinth. Evolving EU Regulatory Framework for Secondary Use of Electronic Personal Health Data for Scientific Research

Nächstes Kapitel Towards Privacy-Preserving Machine Learning in Sovereign Data Spaces: Opportunities and Challenges

AlEroud, A., Masalha, F., Saifan, A.A.: Identifying GDPR privacy violations using an augmented LSTM: toward an AI-based violation alert systems. In: 2021 IEEE International Conference on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom), pp. 1617–1624 (2021). https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00216

Capodieci, A., Mainetti, L.: Business process awareness to support GDPR compliance. In: Proceedings of the 9th International Conference on Information Systems and Technologies, pp. 1–6 (2019)

CMS Law.Tax: GDPR Enforcement Tracker. https://www.enforcementtracker.com/. Accessed 03 July 2023

Dayarathna, R.: Taxonomy for information privacy metrics. J. Int’l. Com. L. Tech. 6, 194 (2011)

Fan, M., et al.: An empirical evaluation of GDPR compliance violations in Android mHealth apps. In: 2020 IEEE 31st International Symposium on Software Reliability Engineering (ISSRE), pp. 253–264 (2020). https://doi.org/10.1109/ISSRE5003.2020.00032

Martin, N., Friedewald, M., Schiering, I., Mester, B.A., Hallinan, D., Jensen, M.: The Data Protection Impact Assessment According to Article 35 GDPR. Fraunhofer Verlag (2020). https://doi.org/10.24406/publica-fhg-300244

Mulder, T.: Health apps, their privacy policies and the GDPR. Eur. J. Law Technol. 10(1) (2019). https://www.ejlt.org/index.php/ejlt/article/view/667

Presthus, W., Sønslien, K.F.: An analysis of violations and sanctions following the GDPR. Int. J. Inf. Syst. Proj. Manag. 9(1), 38–53 (2021)

Saemann, M., Theis, D., Urban, T., Degeling, M.: Investigating GDPR fines in the light of data flows. In: Proceedings on Privacy Enhancing Technologies, vol. 2022, no. 4, pp. 314–331 (2022)

10.

Sirur, S., Nurse, J.R., Webb, H.: Are we there yet? Understanding the challenges faced in complying with the general data protection regulation (GDPR). In: Proceedings of the 2nd International Workshop on Multimedia Privacy and Security, MPS 2018, pp. 88-95. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3267357.3267368

11.

Wolff, J., Atallah, N.: Early GDPR penalties: analysis of implementation and fines through May 2020. J. Inf. Policy 11, 63–103 (2021). https://doi.org/10.5325/jinfopoli.11.2021.0063CrossRef

Titel: Who Is the Attacker - Analyzing Data Protection Violations in Health Care
verfasst von: Ramona Schmidt
Ina Schiering
Verlag: Springer Nature Switzerland
Buch: Privacy and Identity Management. Sharing in a Digital World
Print ISBN: 978-3-031-57977-6

Electronic ISBN: 978-3-031-57978-3

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57978-3_10

Premium Partner

Bildnachweise

Rittal/© Rittal, NTT Data/© NTT Data, Wildix/© Wildix, Ceyoniq Technology GmbH/© Ceyoniq Technology GmbH, arvato Systems GmbH/© arvato Systems GmbH, Ninox Software GmbH/© Ninox Software GmbH, Everyday Software S.L./© Everyday Software S.L., Redgate/© Redgate, CELONIS Labs GmbH, DC-Datacenter-Group GmbH/© DC-Datacenter-Group GmbH, all for one/© all for one, G Data CyberDefense/© G Data CyberDefense, FAST LTA/© FAST LTA, Vendosoft/© Vendosoft, Kumavision/© Kumavision, Noriis Network AG/© Noriis Network AG, WSW Software GmbH/© WSW Software GmbH

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"