The Wall Street Journal’s Health Blog has a post this morning highlighting another breach in medical record security, this time some 50,000 records or so at New York Presbyterian Hospital/Weill Cornell Medical Center.
What is surprising here (and then again maybe not) is that it appears that medical records themselves (patient history & treatment(s)) were not the objective of the ID theft, but those tried and true bits of information such as name, SS number, addresses, etc. that there is already a market. Maybe all the concerns about the theft of medical information is not as big an issue as there may be little interest in such information among thieves – at least I haven’t heard of any examples to date where this information has ben used in a nefarious manner. Unless of course you happen to be Brittany Spears, Farrah Fawcett, George Clooney or some other celebrity, for which we all know the National Enquirer will pay a princely sum for such info.
Concern about privacy and security of medical records is an issue, no doubt, but what this example shows is that breaching such is relatively easy to do and maybe the public should be more concern with the privacy and security practices within medical practices than what Google, Microsoft or other companies looking to provide consumers tools to manage their own medical records are doing. We may indeed find that the latter are indeed more secure than the former.
[…] some 50,000 records or so at New York Presbyterian Hospital/Weill Cornell Medical Center.” Article John Moore, Chilmark Research, 14 April […]
[…] also have to have at least one reference to some privacy breach at a hospital – there are certainly plenty of these to choose from and I have yet to hear of a privacy breach at a PHR company. The paper also prompted […]