Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems.
Using peer-to-peer applications, which computer users download to share files, most commonly music and movies, M. Eric Johnson, director of the Center for Digital Strategies at Dartmouth College in Hanover, N.H., was able to access electronic medical records on computers that had the peer-to-peer programs stored on their hard drives. The medical files contained detailed personal data on physical and mental diagnoses, which a hacker could use not only to embarrass a patient but also to commit medical fraud.
One of the largest stashes of medical data Johnson discovered during two weeks of research he conducted in January was a database containing two spreadsheets from a hospital he declined to identify. The files contained records on 20,000 patients, which included names, Social Security numbers, insurance carriers and codes for diagnoses. […]
The federal government has suffered numerous breaches because of peer-to-peer programs. In June 2008, at least 1,000 patients from Walter Reed Army Medical Center had their health records and Social Security numbers compromised.
How is it possible for such sensitive data to be available on peer-to-peer networks online? Peer-to-peer technology can leave computer users' information vulnerable to access.
The basic technology that runs peer-to-peer networks inadvertently exposed the files, probably without the computer user’s knowledge, Johnson said. A health care worker might have loaded patient files onto a laptop, for example, and taken it home, where a son or daughter could have downloaded a peer-to-peer client onto the laptop to share music.
Once the client is installed, Johnson said, in most cases it exposes every file on a computer’s hard disk to anyone on the file-sharing network.