27 Apr 2017
Want to know why databases are dangerous? It’s as simple as putting all your eggs in one basket. If something happens to that basket, you’re out of eggs. But when it comes to databases, those eggs are people’s information. Email addresses, phone numbers, and full names are stored in a database and also happen to be quick profits for hackers who will can either sell that information or use it to spread their own viruses and malware.
But believe it or not, that’s not the worse situation possible when it comes to databases because there are medical databases that have all the same information as a regular database plus personal medical records.
Medical databases are necessary, but they’re also juicy targets for cybercriminals. So you would think people would be careful when it comes to creating more of them, right?
Researchers at Yale university are working on a platform called Hugo that gathers a patient’s medical records from all their healthcare providers and compiles them into one large database that can be used for medical research. If you’re cynical about data collection and what it is used for, Hugo should be a red flag for you. Anytime personal data is collected it has marketing and contact value, which is why hackers are so keen to access it. Which should be another red flag for any cyber-security cynics.
A medical record database like Hugo is the equivalent of Fort Knox for hackers. Storing so much medical data in one place is just like putting all your eggs in one basket. If there is one breach it is all put at risk and you have no options but to comply with the hackers. (As so many healthcare organizations found out in 2016.) If the Hugo database were hacked a patient’s entire medical history could be in the hands of hackers.
The good news is that the researchers developing Hugo say it is, “Highly Secure.” The bad news is too many people have said the same thing before only to find themselves on the wrong end of HIPAA. Hugo is still being developed and there isn’t any security information on the Hugo website so there is no telling how they plan on securing their database, but you can be sure that once it is up and running hackers will line up to take a crack at breaching it. In an ideal world, Hugo is a secure database and the research information it provides saves lives one day. But as we all know, our world is far from ideal.
But here’s the important part though. Patient participation in Hugo is optional. While that may not come as a surprise or seem that important, it’s actually vital information for you and anyone who encounters a healthcare provider that works with Hugo. By simply knowing what Hugo is, what the potential risks are, and knowing that participation is completely optional you will be a step above the average patient when the option shows up on medical forms and contracts.
You might never encounter Hugo, but chances are another database or system like it will find its way to you because this is the future of healthcare. If you don’t like it, take the time to research the cyber risks involved with modern day healthcare so you never end up a part of something you don’t understand by accident. At the end of the day, you are the one responsible for knowing what you sign yourself up for and what it means. Don’t be left wondering how you ended up being involved in a data breach. Take your cybersecurity seriously.