Data Hemorrhages in the Health-Care Sector

  • Authors:

  • M. Eric Johnson

  • Affiliations:

  • Center for Digital Strategies Tuck School of Business, Dartmouth College, Hanover 03755

  • Venue:
  • Financial Cryptography and Data Security
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

Confidential data hemorrhaging from health-care providers pose financial risks to firms and medical risks to patients. We examine the consequences of data hemorrhages including privacy violations, medical fraud, financial identity theft, and medical identity theft. We also examine the types and sources of data hemorrhages, focusing on inadvertent disclosures. Through an analysis of leaked files, we examine data hemorrhages stemming from inadvertent disclosures on internet-based file sharing networks. We characterize the security risk for a group of health-care organizations using a direct analysis of leaked files. These files contained highly sensitive medical and personal information that could be maliciously exploited by criminals seeking to commit medical and financial identity theft. We also present evidence of the threat by examining user-issued searches. Our analysis demonstrates both the substantial threat and vulnerability for the health-care sector and the unique complexity exhibited by the US health-care system.