Study: Peer-to-peer file sharing apps can expose medical data

Here's a new problem to add to the list of ways in which health data can be left exposed to intruders: A university technology professor has submitted research demonstrating that he could obtain tends of thousands of medical files for patients using popular peer-to-peer applications. Worse, given the distributed nature of P2P networks, users might never know that their files had been accessed, as there's no central monitoring for security breaches underway in P2P data sharing.

The professor, M. Eric Johnson of Dartmouth College, found that he was able to uncover names, addresses and Social Security numbers for a wide range of patients by using his peer-to-peer client to access electronic medical records on computers that also had peer-to-peer clients installed on their systems. The data also included personal data and physical and mental diagnoses.

Among the data discovered by Johnson included a database containing records on 20,000 patients including not only names and Social Security numbers, but also insurance carriers and diagnosis codes. He found sensitive data belonging to others on computers maintained by a wide range of institutions, including hospitals, mental health clinics, laboratories and collection agencies.

The disclosures in Johnson's paper follow news of previous breaches arising from peer-to-peer programs. For example in June 2008, at least 1,000 patients receiving care from Walter Reed Army Medical Center had health records and Social Security numbers exposed by peer-to-peer applications.

To learn more about this threat:
- read this NextGov article

Related Articles:
Firm offers data breach insurance
U.S. hospitals have security 'blind spot'
More hospital data security breaches
Johns Hopkins loses patient, employee data