DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

P2P networks rife with sensitive health care data, researcher warns

Posted on January 30, 2009 by Dissent

Jaikumar Vijayan reports on the issue of p2p exposures compromising the security and privacy of health data:

Eric Johnson didn’t have to break into a computer to gain access to a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients at a medical testing laboratory.

Nor did he need to ransack a health care facility to lay his hands on more than 350MB of sensitive patient data for a group of anesthesiologists or to get a spreadsheet with 82 fields of information on more than 20,000 patients belonging to a health system.

In all instances, Johnson was able to find and freely download the sensitive data from a peer-to-peer file-sharing network using some basic search terms.

Johnson, a professor of operations management at the Dartmouth College Tuck School of Business, did the searches last year as part of a study looking at the inadvertent hemorrhaging of sensitive health care data on Internet file-sharing networks.

The results of that study, which are scheduled to be published in the next few days, show that data leaks over P2P networks involving the health care sector pose a significant threat to patients, providers and payers, Johnson said.

Read more on Computerworld


Related:

  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • North Country Healthcare responds to Stormous's claims of a breach
  • Texas Enacts Electronic Health Record Data Localization Law
Category: Health Data

Post navigation

← UK: Hospital apology over laptop theft
K-STATE: K-State Identifies Computer Security Lapse →

2 thoughts on “P2P networks rife with sensitive health care data, researcher warns”

  1. Anonymous says:
    February 1, 2009 at 7:17 am

    The health data “leaks” reported in the Dartmouth study below would NOT be reported to the victims because the HIT stimulus bill exempts “inadvertant” breaches from the reporting requirement. Only “willful” breaches have to be reported. But Americans need to know about ALL breaches, not just the few, rare “willful” breaches.

    The current version of the HIT bill is not adequate to address the P2P problems the Dartmouth researcher found:

    • “The information found on the networks originated from health care companies, suppliers and patients, and included sensitive patient health and identity information, insurance and billing data, and business documents. The data found on P2P networks included medical diagnoses and psychiatric evaluations, and even blank, signed prescription forms that anyone could have easily copied and filled out.”

    If you care about YOUR privacy or that the ‘breach notice’ in the HIT stimulus bill has been gutted, please call your members of Congress on Monday. Congress wants the Stimulus package on President Obama’s desk to sign in the next 2 weeks.

    Deborah C. Peel, MD
    Founder and Chair

    Patient Privacy Rights

    http://www.patientprivacyrights.org

    Our mission is to ensure Americans control all access to their health records.

  2. Anonymous says:
    February 1, 2009 at 7:47 am

    Are you aware that EPIC.org says on its web site that ” Patient Privacy Rights has expressed support for the legislation. ” ?

    I agree that all breaches need to be reported, and wish more people would contact their legislators to say that we want and need strong breach notification and disclosure laws (and not just for HIT).

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
  • Cyberattacks Paralyze Major Russian Restaurant Chains
  • France Travail: At least 340,000 job seekers victims of new hack
  • Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
  • #StopRansomware: Interlock
  • Suspected XSS Forum Admin Arrested in Ukraine
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.