Cyber Threats to online communities can impact health and privacy of group members. Here are the top priority cybersecurity and privacy issues that are creating problems for online support communities:
1. Privacy Breaches
Online Health Communities need to be able to trust that the information shared in a group stays within a group. Group members and leaders need to have their decisions about privacy respected.
Some privacy breaches are the result of cybersecurity attacks. Others are due to fraudulent behavior by platform administrators. Some breaches happen due to honest mistakes. But privacy breaches have had dire consequences.
2. Medical Misinformation
One of the greatest values of online peer support is gathering knowledge and experience from peers who have a shared identity. But “misinformation attacks” are becoming more common, making it more difficult for communities to maintain high-quality information resources for their communities. Online Health Communities need support to identify medical misinformation, and to support respectful debate and dialogue in a way that meets people where they are. Sometimes this means providing access to existing evidence, and sometimes this means creating new sources of reliable evidence for issues that are not well-studied by the Medical community.
3. Targeted Harassment
Online health communities need to be equipped to moderate disagreements among group members. These communities also to protect themselves from trolling, doxxing, and harassment from malicious actors who target a vulnerable group with the intent to cause harm to members.
”Although some in the medical profession grasp the scope and severity of this threat and have appropriately sounded an alarm, health professionals, for the most part, professional societies, and relevant government entities have been slow to address this issue.- Eric Perakslis, PhD & Robert M. CaliffJAMA June 14 2019
What is Cyber Hygiene?
Protecting yourself on social media is already difficult. It’s time to re-think our daily habits on the internet.
Are you leading a peer support for a health condition on the internet? There are a range of different ways that your leadership and practices are a ‘gateway’ for the privacy of your group members. For example, if you are group administrator on Facebook your login and passwords have the power to impact not only your privacy, but those of your peer support group members. That makes you a high-value target for online attackers.
In the real-world we practice hygiene to stay healthy and keep germs or viruses from spreading. Basic habits like washing our hands and brushing our teeth are part of our daily routines because we know they are healthy habits that protect our health. Many similar principles apply when thinking about your practices as a patient engaging on social media.
“Cyber Hygiene” is a set of habits that can be used to protect against certain bad outcomes on the internet. In the same way that you wash your hands in order to prevent infections, good online habits tend prevent malicious hackers from taking ‘infecting’ your digital resources as a patient on social media. In the same way that real-world hygiene ends up being a “list of things you have to remember to do everyday”, Cyber Hygiene is also best expresses as a “list of good habits”.
Eventually, The Light Collective will be releasing resources specifically to train Group Administrators and ePatient community leaders on social media to understand the specific Cyber Hygiene habits that matter most when a person or group has specific information that they need to protect.
Until then, we recommend resources from the Electronic Frontier Foundation, such as their Surveillance Self Defense resource, which is a great place to start when trying to protect how your data moves online.
Embracing evidence-based cyber security practices.
Health communities online need to be equipped to handle emerging threats. To empower these communities, we are applying basic principles of cybersecurity develop resources and tools.
The National Institute of Standards and Technology Cybersecurity Framework10 lists 5 core cybersecurity functions: identify, protect, detect, respond, and recover. All of these functions are readily applicable to online health communities.
The Light Collective embraces the use of white hat techniques to confront threats to health communities online. Principles like responsible disclosure are critical to ensuring that patients and patient communities are protected online.
The Evidence + Advanced Reading
1. Report On Improving Cybersecurity in The Health Care Industry
This report was developed by the Health Care Cybersecurity Task Force in June 2017.
3. Weaponized Communication: Twitter Bots and Vaccine Trolls Amplify the Vaccine Debate
Broniatowski DA, Jamison AM, Qi S, et al. Weaponized Health Communication: Twitter Bots and Russian Trolls Amplify the Vaccine Debate. Am J Public Health. 2018;108(10):1378–1384. doi:10.2105/AJPH.2018.304567
4. How a Facebook Group of Sexual Assault Survivors Became a Tool For Harassment
When governance and privacy controls are not in place, a group can be used for blackmail and harassment. This is an example of what closed support groups online need to be equipped to protect their members from.