- By Daniela Hernandez
- 6:30 AM
Thursday, April 04, 2013
Just A Reminder That Security Of Health Information Is Not Guaranteed!
The following appeared from Wired a little while ago.
Eugene Vasserman is uneasy about his digital pedometer. The company that makes the thing doesn’t know his name, age, or gender, but it does track his every step and his location. “They know where I sleep. They know my address,” says the Kansas State University cybersecurity and privacy researcher.
Some might think he’s paranoid. But he hasn’t stopped using the device. It’s just that he sees the worst-case scenario — and he’s adamant that the rest of us should see it too. Once health data leaves your immediate possession, he explains, it’s out of your control.
“I’m aware of the tradeoff I’m making … [but] I don’t think people understand what they’re giving up by putting this data out there,” he says. “The direct repercussions are not quite clear because the definition of cloud — excuse the pun — is very nebulous.”
What we do know is that security breaches surrounding healthcare information have been on the rise, according to the Ponemon Institute. And according to the The Washington Post, there are “gaping security holes” in many of the systems that hold our healthcare data.
As more and more health data is hoisted onto the so-called cloud — for research, medical, and, yes, recreational purposes — these vulnerabilities will only expand. Geneticists and bioinformaticians are using the Amazon cloud to crunch through petabytes of genetic data. Electronic medical records are a key part of the Affordable Care Act, and they’ll be the norm in the not-so-distant future. Consumers have jumped on the health “gamification” bandwagon and are sharing their health information with a wealth of companies, many times unaware that their data could be sold to third parties or whether these companies have the proper security measures in place to safeguard their health information.
“Most people see a service, and they just assume it’s safe and secure and they use it,” said Avi Rubin, the director of the Health and Medical Security Lab at Johns Hopkins University. “There seems to be, I believe, a bias when people get hold of a product to trust it and to think that it’s okay until proven otherwise instead of the other way around.”
But as the recent chain of hack attacks at companies like Apple, Twitter, Facebook, Dropbox and most recently Evernote suggest, that may be the wrong assumption to make. “Any system that consists in large part of software is hackable,” Rubin warns. At some point, someone will hack a major repository of healthcare data. And it won’t be pretty.
Lots more here:
All I can do is agree that it is only a matter of time. The stories that are told later in this article a quite concerning - to say the least.
Posted by Dr David G More MB PhD at Thursday, April 04, 2013