    NextGov: File-sharing networks used to uncover thousands of medical records

    NextGov reports on research (pdf) on the security of medical data conducted by a Dartmouth professor (note that his research was funded by the Department of Homeland Security):

    Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems.

    Using peer-to-peer applications, which computer users download to share files, most commonly music and movies, M. Eric Johnson, director of the Center for Digital Strategies at Dartmouth College in Hanover, N.H., was able to access electronic medical records on computers that had the peer-to-peer programs stored on their hard drives. The medical files contained detailed personal data on physical and mental diagnoses, which a hacker could use to not only embarrass a patient but also to commit medical fraud.

    One of the largest stashes of medical data Johnson discovered during two weeks of research he conducted in January was a database containing two spreadsheets from a hospital he declined to identify. The files contained records on 20,000 patients, which included names, Social Security numbers, insurance carriers and codes for diagnoses. […]

    The federal government has suffered numerous breaches because of peer-to-peer programs. In June 2008, at least 1,000 patients from Walter Reed Army Medical Center had their health records and Social Security numbers compromised. 

    How is it possible for such sensitive data to be available on peer-to-peer networks online? Peer-to-peer technology can leave computer users' information vulnerable to access.

    The basic technology that runs peer-to-peer networks inadvertently exposed the files probably without the computer user’s knowledge, Johnson said. A health care worker might have loaded patient files onto a laptop, for example, and taken it home where a son or daughter could have downloaded a peer-to-peer client onto the laptop to share music.

    Once the client is installed, Johnson said in most cases it exposes every file on a computer’s hard disk to anyone on the file-sharing network. 

    Read some previous posts to learn more about the health privacy provisions of the stimulus law and medical information technology generally.
