fringe: P2P Puts Medical Data At Risk

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/news/healthcare/security-privacy/showArticle.jhtml?articleID=224000042

By Nicole Lewis
InformationWeek
March 18, 2010

Many home computer users don't realize it, but the next time they download 
a movie, a video or some old sentimental song, they may be giving an 
intruder the opportunity to search the PC's files for sensitive 
information, including their health records, a new study finds.

What kind of sensitive information? Well, according to Khaled El Emam, 
Canada research chair at the University of Ottawa, and the lead on a 
research paper on the inadvertent disclosure of personal information 
through peer-to-peer file sharing programs, the information found was 
"very personal and very rich in detail."

By using simple search terms like "patient file", "medical form", or 
"medical", researchers retrieved medical authorization forms, confidential 
corporate information, and private letters.

"For example, we found a letter that a mother wrote to her 16-year-old 
daughter's camp director giving him all the complete details of her 
daughters medical history, health conditions, health insurance card 
numbers, and her medications," El Emam said.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php