P2P Networks Rife With Sensitive Health Care Data, Researcher Warns

Computerworld (01/30/09) Vijayan, Jaikumar 

Sensitive medical data is easily available through peer-to-peer (P2P) file-sharing networks, reveals a study by researchers at Dartmouth College. During the study, the researchers used search terms related to the top 10 publicly traded U.S. healthcare organizations to see if they could find medical data on P2P networks such as Gnutella, FastTrack, Aries, and e-Donkey.

Dartmouth professor Eric Johnson says the searches yielded a plethora of information from healthcare companies, suppliers, and patients. For example, Johnson says he was able to find a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes, and other sensitive data belonging to roughly 9,000 patients at a medical testing laboratory.

Johnson and the other researchers were able to obtain the information because employees at healthcare providers installed P2P networks on their computers, which allow users to download and share music and videos from shared folders but also can allow users to obtain other types of files if care is not taken to control which folders users have access to.

Johnson says the study underscores the need for hospitals and other healthcare providers to be aware of the dangers of inadvertent data leakage as well as the need to put improved controls in place to monitor, detect, and stop them.