Why Healthcare Security Matters

Discussion in 'other security issues & news' started by ronjor, Jul 22, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://www.securityweek.com/healthcare-security-matters
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Moot as far as I'm concerned - I fully expect the UK Health Secretary - Jeremy Richard Streynsham Hunt - to try again to sell all NHS health records in the UK to insurance companies - he last tried in 2013, reportedly planning to sell them for £1 a go. Apparently he was not too concerned with the lawfulness of such a move, or its effect on privacy and doctor-patient confidentiality, but it would certainly destroy the market for anyone stealing the information.

    It's one of the most galling and damaging of misuses of data IMO, because the public health benefit of anonymised searchable healthcare records would be huge, if you could trust that the use of the data would be just for that purpose.
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    We have to be careful about dismissing one exposure simply because there is some other grossly similar exposure. There are numerous ways a commercial insurance|other company could abuse healthcare records, but would those companies use the information within those records to carryout identity theft, for example? A hacker who has gained access to such records might do so or sell them to someone who would. I think this particularly true in the US, where absolutely ridiculous simple questions are used to gain access to credit histories and some other sensitive info.

    I would also point out that healthcare records are, by nature, specific to an individual and therefore difficult to anonymize. Especially if the intent is to preserve detail that might be of interest to some researchers. Such as a detailed chronology of exams and tests, test results, treatments, prescriptions, etc plus some demographic information like sex, age, general location (in case there is a localized environmental cause), type of employment (in case that factors in), sports/activities (in case that factors in), etc, etc. Even at a high level, such information could be used to fingerprint an individual and to recognize them in other contexts where they share their history and other information. In addition to that there are often test timestamps, facility identifiers, and [potentially unique to a geographic area] equipment identifiers that can act as breadcrumbs and lead to the specific patient. Plus, there is all the patient specific test data (images, blood test results and possibly genetic markers, etc, etc).
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Yes, formidably hard to anonymise healthcare records properly - and quite likely that one would have to trade some utility for anonymity. But it seems to me that you can gain the majority of the value and keep anonymity high by reducing some specifics (like precise location, age etc.).

    And quite agree, I'm not advocating fatalism with the data - only bemoaning that governments are not just careless but also complicit in allowing it into the wild. Whereas I have a choice in terms of what data I choose to give to commercial services, my healthcare records are mine and private, and were there way before these issues became prominent, but the deal has always been that they were confidential and only used for purpose. I have not consented to their (ab)use by a government I'm right not to trust.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://www.pcworld.com/article/2952...ty-of-mobile-devices-used-in-health-care.html
     
  6. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    what kind of moron would even think of doing such a thing unless he thought he could get away with it or there would be minimal punishment at best. no accountability by those in govt.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://www.securityweek.com/healthfirst-5300-members-exposed-fraud-incident
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://www.networkworld.com/article...mation-in-the-wrong-hands-can-be-painful.html
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://www.net-security.org/secworld.php?id=18796
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    https://threatpost.com/ny-health-provider-excellus-discloses-data-breach-dating-to-2013/114615/
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://oig.ssa.gov/newsroom/blog/apr29-medicare-card-SSN
     
  18. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    769
    Location:
    "Here on Wilders"
    I just received my Medicare Card 2 months ago. I hope I'm alive to get the new card. Our Government fast at work. :rolleyes:
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://www.net-security.org/secworld.php?id=18980
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    "http://www.eweek.com/small-business/cyber-criminals-increasingly-target-health-organizations.html
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    http://www.net-security.org/secworld.php?id=19040
     
Loading...