At a glance.
- Data breach at a Maryland medical center.
- NIST on differential privacy.
- Protecting student data in the cloud.
Maryland medical center suffers email data breach.
CBS Baltimore reports that patients of Anne Arundel Medical Center, located in the state of Maryland, are being notified of a data breach that might have compromised their medical data. According to a notification letter distributed by the center’s parent company Luminis Health, an intruder gained unauthorized access to the employee email system, though it’s unclear whether or which individual emails were viewed. Patient names, dates of birth, and Social Security numbers were among the data contained in the emails. The system has been secured and the company is making efforts to prevent future incidents, including staff training and employing multi-factor authentication for email accounts.
NIST on the evolving field of differential privacy.
In the final installment in the National Institute of Standards and Technology’s (NIST) blog series on differential privacy, NIST examines how the selection of a privacy parameter impacts the resultant level of privacy protection, as well as how the existence of neighboring databases can impact real-world applications. When employing differential privacy, data scientists must take into account the resultant tradeoff between privacy and utility, and the difference between utility and accuracy, as utility can make or break the usefulness of the output. NIST concedes that differential privacy can be highly useful in cases involving counting, summation, or average queries over a large set of data, and open-source software tools for applying differential privacy methods in these cases are readily available. For other types of analyses, data scientists are still working toward developing accessible tools.
Protecting student data in the cloud.
With learning institutions becoming increasingly reliant on video conferencing platforms like Google Workspace and Microsoft 365, the Journal discusses the importance of securing student data from potential theft. US federal privacy laws like FERPA, COPPA, and CIPA offer a level of protection, but the surge in cyberattacks on schools has led local governments to establish their own legislation. Over forty new laws cropped up in 22 states in 2020, including the Illinois’ Student Online Personal Protection Act, Texas’ Senate Bill 820, and New York’s State Education Law 2-d. At the federal level, the K-12 Cybersecurity Act, signed in October 2021, tasks the Cybersecurity and Infrastructure Security Agency with assessing the cybersecurity risks faced by K-12 institutions in order to develop suitable cybersecurity guidelines. However, adherence to these guidelines will be voluntary. Given that 77% of school administrators surveyed in a recent report from ManagedMethods said they were not very concerned about data breaches, the question remains, are districts properly prioritizing the security of student data?