What We Should Be Learning From The WADA Hacking Scandal
You will have heard by now that the World Anti-Doping Agency (WADA) – the body responsible for preventing doping within professional sports – was hacked by a group who call themselves Fancy Bear.
This has brought to light the seemingly widespread use of TUEs (Therapeutic Use Exemptions) amongst high-profile athletes – allowing for banned substances to be used to treat pre-existing medical conditions in athletes. Bradley Wiggins and Mo Farah have both been in the spotlight in recent days.
The hackers broke into the Anti-Doping Administration and Management System (ADAMS) via an account made for the IOC during the Brazil Olympics. Sensitive medical information about athletes held on the system has been released to the public by the group.
Whilst this has been seen as a breach of security in a sports body, this is really the hacking of a clinical management system, and the high-profile release of sensitive medical information.
This should have the digital health industry quaking in its boots.
No system is impenetrable. There are potential holes in the system everywhere, from NHS smartcards left unattended in readers and passwords shared amongst user accounts to an ever-increasing number of internet-facing portals through which hackers can gain entry.
Digital health holds the kind of information we don’t want to get released, and people in the public eye are a great target for hackers, but so are the millions of regular folks whose information could be very valuable.
So, how easy could it be for a hacker to gain access to your product?
A poorly written piece of code here, passwords stored unencrypted there, or a poorly constructed password reset process and a hacker could be in.
Security needs to be a first priority in our industry. Surprisingly, I have been involved in conversations where security was brought up as a “we should start making this a higher priority” sort of thing.
Security should never be, in the aftermath of an attack, a situation where you’re wishing you had done more.
Review where you are with it now, put steps in place to ensure security testing is carried out, and start preparing to hold a penetration test of your systems.
We have been lucky up until now, but we should not rest on our laurels just because the cross-hairs have not been aimed at our industry so far.
We can do so much good through digital health, but not if trust is eroded because of a breach of information through a malicious attack.