Personal Data – When the Invaluable Falls into the Wrong Hands

Recently, the news has listed numerous egregious data thefts from large insurance companies as well as concerns of data security from the infamous Healthcare.gov site. Recently, close to 840,000 individuals may have had their personal information compromised including some “clinical” information through the theft of two company laptops owned by a large medical insurance company.

Although much has been made about loss of financial data, I haven’t seen much emphasis on the ways in which a nefarious actor could leverage the acquisition of someone’s health information.

In general, most people seem to have a strong aversion to sharing their medical records publically.  Numerous reasons come to mind which may drive this behavior. Concerns that it could possibly affect insurance eligibility, ability to maintain or gain employment, and/or it could be that they do not wish to reveal possible “embarrassing” physical or psychological medical conditions, as well as treatments.

Medical data is rife with clues which reveal other details about one’s personal life such as eating, fitness and lifestyle habits and perhaps some genetic resident diseases.  This provides a somewhat unique attribute for those who are interested in causing directed harm against a fellow person. 

Medical information loss can be monetized or leveraged in numerous nefarious ways such as the following: 

  • The ability to create a false ‘avatar’ to gain access to medical insurance or payments
  • The ability to sell information on ones’ medical record – – this can be especially valuable if the person is in the public eye or otherwise in a public ‘trust’ position (e.g. Judge, high ranking official, celebrity, etc.)
  • The ability to leverage the information against a person – – e.g. psychological reviews if revealed might jeopardize a person’s very employment.

Organizations have a fiduciary responsibility to keep sensitive information secure. In the end, a loss of medical personal information can be more devastating than the loss of personal financial information or prove to be higher than the value of the physical object it resides on.

No Comments

Trackbacks/Pingbacks

  1. Healthcare Data of 840,000 at Risk After Laptop Theft | Apcrunch - […] diseases,” Carl Herberger, vice president of Security Solutions at Radware wrote in a blog post. “This provides a somewhat …
  2. Healthcare Data of 840,000 at Risk After Laptop Theft - […] diseases,” Carl Herberger, vice president of Security Solutions at Radware wrote in a blog post. “This provides a somewhat unique …

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>