Health Data Privacy: Stolen medical records can compromise your identity
In spite of alerts given and security patches available (many not installed), the 2017 WannaCry attack scale was unprecedented. WannaCry has compromised over 300,000 machines worldwide, demanding ransoms in the form of Bitcoin. Fifty U.K. hospitals have had system-wide lockouts, delays for patient care, and loss of function in connected devices such as MRI scanners and coolers for blood storage. This attack was not aimed specifically at healthcare institutions, but the damage was widespread.
We’re in the era of digital information. Nearly all facets of our lives–business finance, education, government, and entertainment are affected by digital communications & information services. Clinical medicine is highly informative, but it is one of the few areas of our society where access to information by machine is very limited in areas such as billing and preparation, laboratory results reporting, and diagnostic tools (like radiology and cardiology).
However, the transfer to widely accepted electronic records (EPRs), due to numerous pressure levels, is accelerating and is inevitable. These include the desire to improve healthcare through timely access to information and the need for continuous access to medical records, healthcare workers, and administrators. These also include meeting the needs of highly mobile patients, increasing cost efficiency, and increasing the use of telemedicine/telecare.
Health technology is capable of expanding, protecting, and improving life. This ranges from electronic register storage (EHRs), healthcare and delivery control devices (including wearables and general-purpose devices and body-incorporated technology), and remotely-even worldwide telemedicine technology supplying care. Patients increasingly use mobile apps, which can now be integrated into the medical Internet of Things (IoT) for collaborative management of diseases.
Present data protection research studies the issue from a theoretical perspective by making assumptions on the background of the attacker’s knowledge. It also studies the quantification of external knowledge and sanitization of data to ensure that the level of disclosure is lower than a certain threshold.
”Once you’ve lost your privacy, you realize you’ve lost an extremely valuable thing.” – Jodi Rell.