As IBM’s Kuhn explained in a follow-up interview, these medical records can be leveraged for a wide variety of nefarious purposes. In some cases, it’s about stealing a person’s identity and billing them for a surgery or a prescription, and in others it’s about opening a new line of credit. Security researcher Avi Rubin told Fast Company in an recent interview that he suspects hacked medical records are often routinely used for blackmail and extortion.
Moreover, important information on the patient’s medical record will often be deleted, like an allergy to penicillin, or new entries added. In some cases, it’s intentional. But it’s more often a by-product of the theft. For this reason, the World Privacy Forum issued a lengthy report that calls it “the crime that can kill you.”
The security in place for medical records is not up to snuff, and it’s become a target not just because of the information that can be gleaned from those records, but because it’s also an easy target. We’ve spent a lot of time thinking about how easy access to electronic medical records could help in an emergency, and it could. But, we’ve not spent enough time making sure they are only accessible to people who should have access to them.
We have to do better.