Monday, August 22, 2011

Article: "New data spill shows risk of online health records"

The link: http://hosted.ap.org/dynamic/stories/U/US_TEC_MEDICAL_DATA_MINEFIELD?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2011-08-21-16-33-57

"SAN FRANCISCO (AP) -- Until recently, medical files belonging to nearly 300,000 Californians sat unsecured on the Internet for the entire world to see.

"There were insurance forms, Social Security numbers and doctors' notes. Among the files were summaries that spelled out, in painstaking detail, a trucker's crushed fingers, a maintenance worker's broken ribs and one man's bout with sexual dysfunction."

I'm of two minds on this. First, I do understand and in some cases agree with health records being available online - when properly secured.

Think of it this way: A nature enthusiast goes into another state to hike a nature trail. She's wearing a medic alert bracelet with an RFID chip inside it. The chip contains her medical history, including her previous three broken ribs and a severe allergy to penicillin.

She gets injured somehow and is rushed to the local hospital. In the ER one of the people there scans her bracelet and discovers the allergy to penicillin ... just as the ER attending doctor was about to inject her with it.

It could happen, couldn't it? In this case I can't absolutely say that the bracelet saved her life, but I can say it saved her from a severe allergic reaction and a possibly life-threatening injection.

But as the article itself goes on to say later: "'Even the most well-designed systems are not safe. ... This case is a good example of how the human element is the weakest link.'"

You can say that again. I remember in the original Jurassic Park movie a line about how the people who recreated the dinosaurs were so interested and so fixed on seeing if they could do it that they never stopped to think if they should. Granted, that is a really bad paraphrase, but you get the idea.

Microsoft also suffered from this in some of their earlier OSes, at least according to Steve Gibson. They would put something in the OS just to be able to say "Well, Windows does that too!"

But they never stopped to think about how such code could be misused. Just as the people responsible for this data apparently never bothered to properly secure it.

I'm not stupid and I'll be the first to admit that there is no such thing as a 100 per cent safe computer. Well, time for that full disclosure thing: There is such a thing as a 100 per cent safe computer, but it can't be hooked up to the web and you can't transfer documents to it. For a complete reading, go here: http://gregb1967.blogspot.com/2009/11/safe-versus-safer.html
In this case that safe computer is nearly useless.

But these people take the cake: "He [Identity Finder researcher Aaron Titus] called the breach 'likely a case of felony stupidity.'"

I'd also call it a case of not bothering to think about the ramifications of having data on the Internet.

"The data were 'available to anyone in the world with half a brain and access to Google,' Titus says."

Um...yeah. It makes me think (and wonder) about my medical data.
