In the last month or so, we’ve seen breaches of healthcare records where each breach is measured in the hundreds of thousands. There was the Utah Dept. of Health breach, the South Carolina Dept. of Health and Human Services breach, and the Emory Healthcare System breach. But it’s not just here that huge breaches involving PHI have been reported. I just came across this story from The Netherlands on DutchNews.nl:
A leak in internet security has enabled a television reporter to gain access to the medical records of 300,000 people held on a computer system for company doctors.
Television show Zembla will show this evening how its reporter was able to use simple techniques to look at the company medical records of staff from football club FC Twente, department stores De Bijenkorf and V&D and Deventer town council.
Nijmegen University computer security expert Bart Jacobs told the show this is a ‘nightmare scenario’. ‘This is shocking. You can easily blackmail people,’ he said.
IT company VCD says it is doing all it can to close the leaks in its Humannet computer programme.
On Thursday it emerged confidential medical records belonging to thousands of people in Brabant were easily accessible on a website for medical professionals.
The information came from a laboratory which carried out blood and other tests and was uploaded on the Cyberlab website. But Cyberlab users were able to access the test results using a simple password and find out, for example, if patients were HIV positive.
In December, health minister Edith Schippers reached a deal with doctors, pharmacists and hospitals to store the health records of nine million people centrally, if they give permission. Insurance companies and patient groups have also agreed to cooperate.
This privately-run scheme will replace government efforts to set up a central medical record system, which was voted down in the senate because of concerns about privacy.
Is “nightmare” the right word to describe this situation? I think so.