A medical privacy breach at Stanford University’s hospital in Palo Alto, Calif., led to the public posting of medical records for 20,000 emergency room patients, including names and diagnosis codes, on a commercial Web site for nearly a year, the hospital has confirmed.
Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called “Student of Fortune,” which allows students to solicit paid assistance with their school work. Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph.
Even as government regulators strengthen oversight by requiring public reporting of breaches and imposing heavy fines, experts on medical security said the Stanford incident spotlights the persistent vulnerability posed by legions of outside contractors who gain access to private data.
Obviously this applies to the whole area of privacy in a digital world where innumerable copies of your information are floating around. I was having dinner with a friend when I offhandedly mentioned to him a website which allows you to look up information on people for free. He had his smartphone handy and was appalled that his birthday was posted for the whole world on the web (I assume that this has been “scraped” off a social networking site at some point). There are many instances of local governments scanning up information which is very private, and removing those files when that comes to light. But who knows how many people might still have those files? And that’s assuming stupidity or negligence. There are many underpaid individuals in firms which trade in private data who might think that a thumb drive with that data can be monetized.
This is why I’m rather casual about posting my genotype online. By the time this could be a major problem I think a lot of people will be in my boat, and as a society we’ll have to figure how to handle the radical transparency which our technologies will have unleashed. Perhaps a “Butlerian Jihad”? I wouldn’t bet on it…. I think the future is here to stay.