Data Hemorrhages in the Health-Care Sector

Confidential data hemorrhaging from health-care providers pose financial risks to firms and medical risks to patients. We examine the consequences of data hemorrhages including privacy violations, medical fraud, financial identity theft, and medical identity theft. We also examine the types and sources of data hemorrhages, focusing on inadvertent disclosures. Through an analysis of leaked files, we examine data hemorrhages stemming from inadvertent disclosures on internet-based file sharing networks. We characterize the security risk for a group of health-care organizations using a direct analysis of leaked files. These files contained highly sensitive medical and personal information that could be maliciously exploited by criminals seeking to commit medical and financial identity theft. We also present evidence of the threat by examining user-issued searches. Our analysis demonstrates both the substantial threat and vulnerability for the health-care sector and the unique complexity exhibited by the US health-care system.
