About three months ago an article in the New York Times indicated that our very own Stanford Hospital had a data breach and that many patients records were released. It's important to note that the data wasn't directly leaked by the hospital but instead posted publicly by an outside contractor, who very quickly took it down after being notified of its public availability. The information was expansive but it wasn't everything, it was only of a 6 month period in 2009 and didn't include credit card information, social security numbers, and various other tools for identity thieves.
This incident, along with others nationally, follows a provision of the federal stimulus passage that mandates public reporting of information breaches. This incident reminds us that even hospitals aren't safe from information leaks. In an age where we are all connect I find it discomforting that not only can we contact everyone but we can learn most things about them without even asking. Even though the hospital is trying to make it up by offering free identity protection to those affected, it doesn't change what has happened/is happening around the country. Hopefully in the coming years new ways to protect information online come to fruition because especially with groups like lulzsec and Anon lurking, nobody can be too safe.
I find this disturbing as well, but I can't envision a scenario where hospitals could avoid putting confidential information online. If a patient, like myself, is primarily taken care of in one place, say Connecticut, then develops an illness and has to go to Vaden it would be illogical for Vaden to have no information on me. It would severely limit their ability to do their job and treat me. While it is technically feasible for my primary physician to fax over all my medical records, it logistically wouldn't work on a large scale. Therefore I think we have to just take the risk that hospital data protection is strong enough to keep our important information safe.
ReplyDelete