The risk of patient information disclosures on peer-to-peer (P2P) networks is much higher than if a health care worker loses a laptop or removable storage device, according to new research.

Dartmouth College business professor Eric Johnson has written a report called “Data Hemorrhages in the Health Care Sector” and plans to present his findings later this month at the Financial Cryptography and Data Security conference, Johnson told SCMagazineUS.com.

P2P networks are internet-based file sharing networks that allow users to share music or other files; LimeWire and BearShare are popular examples.

Over a two-week period, Dartmouth College researchers, in collaboration with P2P monitoring vendor Tiversa, searched file-sharing networks for key terms associated with the top ten publicly traded health care firms in the USA, and discovered numerous sensitive documents. One example was a spreadsheet from an AIDS clinic with 232 client names, including Social Security numbers, addresses and birthdates.

The researchers also discovered databases for a hospital system that contained detailed information on more than 20,000 patients, including Social Security numbers, contact details, and insurance records, along with diagnosis information.

The researchers also found a 1718-page document from a medical testing laboratory containing patient Social Security numbers, insurance information, and treatment codes for thousands of patients. In another instance, relating to a group of anesthesiologists, more than 350 megabytes of data comprising sensitive patient reports were found.

There are numerous ways confidential data can inadvertently get on a P2P network, Johnson said. For example, users could share folders containing sensitive information because of a confusing client interface or because they have music and data in the same folder. Or they could download malware that exposes files, or install a vulnerable program that shares files the user did not intend to share.

Johnson said that health care organisations should be worried about the threats of P2P networks. Even if they ban employee use of P2P, patient data often winds up on the laptops of individual physicians or partners, so the potential for any one of those users to participate in P2P goes up, Johnson said.

The root problem, though, is that health care organisations store confidential and highly sensitive data in unprotected and easily portable formats such as Microsoft Excel spreadsheets, Word documents, or PDFs, he said. Preventing users from using P2P networks is just a "Band-Aid" fix for a bigger problem, since there are many other ways data can be leaked from an organisation.

Health care firms must implement systems in which users can look up information on a patient but cannot download the data to a spreadsheet, he said. The $818 billion economic stimulus bill passed two weeks ago by US Congress provides money to computerise health records and also calls for stringent security and privacy controls.

“The bigger issue is moving toward a robust enterprise data system based on a universal medical record format,” Johnson said.

See original article on scmagazineus.com