IT expert urges standardized cybercrime framework

Fri, Mar 27th 2015, 12:00 AM

The Bahamas needs to adopt a standardized framework for preventing and reporting local cybercrime activity to prevent further security breaches in its financial services and healthcare industries, according to Dr. Raymond Wells, deputy director of Information Technology for the National Insurance Board (NIB).

Wells told Guardian Business yesterday that while he had not seen any data breaches relating to NIB, both the financial services and healthcare sectors are particularly at risk. With National Health Insurance (NHI) slated for January 2016, Wells said that The Bahamas needed to either develop its own framework or look to international models to ensure that the information in the country's healthcare system remained secure.

"I am seeing data breaches in the financial industries and the healthcare industries that are significant. Organizations need to ensure that their systems are developed along best practices. It's no longer acceptable to be connected and have a system that's just there, implemented without any serious thought, because the ramification of that data being leaked is very significant. And so that's what's happening in those industries," Wells said.

Wells identified the U.S.' Health Insurance Portability and Accountability Act (HIPAA), which contains strict provisions for addressing and responding to security breaches that are identified either during audits or the normal course of operations, as a potential model for The Bahamas moving forward.

"Depending on how NHI is developed and implemented, I think it's important that The Bahamas uses some framework to roll out that system in accordance with something like the U.S.' HIPAA, which the healthcare industry used as a guide to implement their system," he said.

While Wells said that the number of cybercrimes in The Bahamas was on the rise, he noted that concrete cybercrime figures were difficult to calculate given the country's lack of a data breach reporting act, which would require companies or government organizations to notify clients in the event that a security breach compromised their personal information.

"I think one of the first things we need to do is ensure that we have a good reporting of breaches. The reporting of breaches should take place to the customers that are being breached and that should be in the form of a data breach reporting act where if certain classes of personally identifiable information (PII) are breached, then that would be reported to the persons that are impacted and reported to the government through a regulatory body as well. Once we have that in place, I believe that the government needs to start looking at aligning itself with the international fight on cybercrime," said Wells.

Wells encouraged the country to sign onto the Budapest Convention, the first international treaty addressing cybercrime through the unification of laws and increased member state cooperation, if The Bahamas wished to take cybercrime seriously and engage the issue on an international scale. 44 states have ratified the convention since October 2014, with another nine states having signed the convention but not ratified it. To date, the Dominican Republic remains the only Caribbean state to ratify the convention, which went into effect in July 2004.

"I think we should sign onto the Budapest Convention. It requires a set of laws that needs to be enacted but we do have quite a number of the laws already in place. It's now just a matter of making sure that they meet the requirements of the Budapest Convention and that will enable us to engage internationally in the fight on cybercrime," he said.

Click here to read more at The Nassau Guardian
