I really don’t want to sound like Aunt Karen, suspecting a culprit hiding behind every bush, but chances are your health data was or will be stolen. This is a strong statement and might sound paranoid. But, as the old joke goes: being paranoid doesn’t mean someone is not after you.
Here we will introduce five general scenarios of how unknown third-party actors can access your health data without your knowledge (and consent). We introduce these to paint a clearer picture of how medical data can change hands and help you prepare to avoid it – as much as possible.
You had a genetic test done
You ordered a direct-to-consumer genetic test. It’s less than a hundred bucks and you gain valuable insights into your risks and tendencies. You and your primary care professional will use the results to fine-tune your lifestyle and dietary choices. Great value!
Meanwhile, you might have forgotten to read the fine print, and agreed to share your data for research purposes upon registering before you actually ordered the test kit. Or, you were cautious, read the fine print, and refused to share your data. However, the testing company believes they are able to completely anonymise the data (which they can’t) and decided to sell it to a third party without your knowledge.
Or let’s say, you did everything right and the company did not sell your data, but you decided to register to a website in the hope of finding distant relatives and their database gets hacked, providing access to a million DNA profiles.
You’ll have a cataract surgery
You are preparing for cataract surgery and your doctor has ordered a retina scan. The hospital completes the scan, it is stored in their system, together with the rest of your health data. Your operation goes as planned, you are happy with the result.
And you will most likely never learn that the hospital decided to give away your data to an A.I. developer company – without your consent, as it happened when London hospitals were found to share various patient data – without patient consent – with Google DeepMind, including one million eye scans.
You order a device from a country that has more lenient data protection standards
You decided you need to monitor your heart health more closely and ordered a smart, portable ECG device from a foreign country, so you and your doctor will have more data to analyse without needing to set up more frequent appointments.
What you may not be aware of is the fact that your data – stored on the company’s cloud servers and analysed by the company’s algorithms – can find its way to the faraway country’s government, as according to their regulations, companies are obliged to share big-population data if requested by state authorities.
Medical data protection standards vary widely among countries, another problem is that many of these devices can be hacked as well.
You log in to access your medical data from home
It is really handy that you can access your medical records online, and even better that you have the option to contribute and upload data from wearables yourself. It helps you and your psychiatrist to keep your depression under control.
What is not so great is that your hospital failed to invest enough in cyber-security, and their system was breached, resulting in a data leak affecting all of their patients, yourself included.
Or, your hospital did invest in cyber security, but one of the staff members was not vigilant enough, assisting that nice new guy from IT to test the system and typing in their passwords – only to learn a week later that IT never hired anyone in the past couple months and an unknown third party stole the full database.
You will most likely never even hear about these issues, and will not connect the dots why your insurance company – to whom the unknown third party sold all the data – suddenly raises your premium.
You asked for personal dietary advice based on your microbiome analysis
You asked for personalised dietary advice from the company offering direct-to-consumer microbiome testing. You are not aware that the company sells de-identified data, which, under most circumstances is not terribly difficult to re-identify.
A third-party buyer could be a social media platform, able to match your genetic profile to your stored cookies. You never gave your consent to the sale of your sensitive health data, but that never happened – argues the test provider, after all, the data they sold did not include your name or social security number. However, the targeted ads you start receiving could not have a different origin than the results of your microbiome test.
You might also wonder how suddenly all social media platforms seem to target you with ads related to fertility treatments – curiously enough, just when you started to think about these issues.
Can your phone really listen to your conversations? Is your search history a goldmine for social media companies? Well, maybe you just booked an appointment with a fertility specialist in your hospital, and their website also ran Meta Pixel, and they simply recorded your IP address and what treatments you are seeking.
Can you ever be safe?
Probably no. This data-loaded, algorithms-supported era brings enormous health benefits. You never before could have learned about your higher melanoma risk without a DNA test, or would never be able to catch those first irregular heart rhythms without your smartwatch – potentially allowing you and your cardiologist to prevent a stroke or a heart attack. Digital health is impossible without your data, and missing out means losing its potential benefits.
Some of these scenarios are entirely out of your control, loose cyber security measures at healthcare institutions can happen, but you still might need to go to a hospital sometimes, and they will have your data regardless.
You can, on the other hand, make informed decisions. You can be aware of the importance of reading the fine print, of understanding the difference between de-identified and anonymous data, you can be aware of the major differences countries require in privacy protection.
Digital health and loss of some privacy go hand in hand, but we need to understand what we are willing to sacrifice and what we can gain in exchange. If you feel like diving deeper into this topic, grab a copy of our Hackers, Breaches, and the Value of Health Data ebook, discussing all the different levels and facets of health data and privacy issues.
The post 5 Scenarios Of How Your Health Data Can Be (Or Was Already) Stolen appeared first on The Medical Futurist.