Mexican company Hova Health, specialized in developing and providing technology services for the health sector, confirmed at the beginning of this week that it left 2.3 million clinical files exposed. “The data was neither stolen nor leaked, but it was partially exposed,” said Alexis Nickin, company’s Director and Founder in an interview with El Economista. “Yet, our customers can be sure that their information is protected. We have the confirmation that the information was exposed but not downloaded.”
The exposed medical files contain the users’ full names, in addition to their CURPs, insurance policy numbers, ethnic origins, legal status in the country, details of disability, dates of birth, dates of creation and modification of the file, sex, nationalities and zip codes.
“It has been one of the most serious cases registered, but this has not been the only one in the country,” said Gustavo Parra Noriega, from the National Institute of Transparency, Access to Information and Protection of Personal Data (INAI).
Eset, a company specializing in computer security, recently published the Latin America Security Report 2018, where it collated information from more than 2,500 companies and 15 countries in the region. According to the report, in 2018, malicious codes represented the main concern in cybersecurity and 57 percent of the companies acknowledged feeling threatened by ransomware attacks, vulnerabilities and infrastructure failures and malware attacks. The report places Peru in the first position, since it accounts for 25 percent of the incidences, while Mexico ranked second, with 20 percent.
Yet, according to the Global Cycle Security Index 2017 (GCI) published by the International Telecommunications Union (ITU), Mexico has the best score among Latin American countries to counterattack these cyberthreats thanks to “a complete package of cyber legislation covering crime, data protection, data privacy and electronic transactions.”
Mexico is making progress in strengthening its security policies and in digitizing its economy but it still has a long way to go before it becomes a country with a strong digital infrastructure. The authorities are focusing on creating policies that strengthen cybersecurity, but companies must also adopt best practices in data management. In the health industry, according to Health IT Analytics, companies must ensure better control and security of data, find a place to store them, use protection tools and engines and ensure constant physical and virtual monitoring of their databases to avoid any risk.