Security: They’re doing it wrong

P2P Networks Rife With Sensitive Health Care Data, Researcher Warns

Computerworld (01/30/09) Vijayan, Jaikumar 

Sensitive medical data is easily available through peer-to-peer (P2P) file-sharing networks, reveals a study by researchers at Dartmouth College. During the study, the researchers used search terms related to the top 10 publicly traded U.S. healthcare organizations to see if they could find medical data on P2P networks such as Gnutella, FastTrack, Aries, and e-Donkey.

Dartmouth professor Eric Johnson says the searches yielded a plethora of information from healthcare companies, suppliers, and patients. For example, Johnson says he was able to find a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes, and other sensitive data belonging to roughly 9,000 patients at a medical testing laboratory.

Johnson and the other researchers were able to obtain the information because employees at healthcare providers installed P2P networks on their computers, which allow users to download and share music and videos from shared folders but also can allow users to obtain other types of files if care is not taken to control which folders users have access to.

Johnson says the study underscores the need for hospitals and other healthcare providers to be aware of the dangers of inadvertent data leakage as well as the need to put improved controls in place to monitor, detect, and stop them.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s