The personal health and financial information stored in thousands of North American home computers may be vulnerable to theft through file-sharing software, according to a research study published online in the Journal of the American Medical Informatics Association.
[...]
El Emam’s CHEO team used popular file sharing software to gain access to documents they downloaded from a representative sample of IP addresses. They were able to access the personal and identifying health and financial information of individuals in Canada and the United States. The research for the study was approved by the CHEO ethics board.
[...]
A sample of the private health information the CHEO team was able to find by entering simple search terms in file-sharing software:
- an authorization for medical care document that listed an individual’s Ontario Health Insurance card number, birth date, phone number and details of other insurance plans;
- a teenage girl’s medical authorization that included family name, phone numbers, date of birth, social security number and medical history, including current medications;
- several documents created by individuals listing all their bank details, including account and PIN numbers, passwords and credit card numbers.
Read more on Science Daily.
The research article is:
Khaled El Emam, Emilio Neri, Elizabeth Jonker, Marina Sokolova, Liam Peyton, Angelica Neisa, Teresa Scassa. The inadvertent disclosure of personal health information through peer-to-peer file sharing programs. Journal of the American Medical Informatics Association, 2010; 17: 148-158. The full article is available online.
Avi Baumstein writes in InformationWeek:
Are peer-to-peer networks really filled with sensitive corporate data just waiting to be plucked and abused? It seems unlikely–surely people wouldn’t be that sloppy. Like a 19th century prospector, I decided to dip my pan into the stream to see what I could find.
The results were shocking and scary–loads of confidential business documents and enough personal information to ruin any number of lives and create PR nightmares for quite a few companies. Among the business documents were spreadsheets, billing data, health records, RFPs, internal audits, product specs, and meeting notes, all found in a quick expedition, using simple tools.
[...]
Giddy from my quick success, I tried other search terms and slogged through dozens of computers full of tailings such as High School Musical and Fall Out Boy, until I entered “ssn” for Social Security number. LimeWire, which displays the IP address of the computer hosting each file a search returns, showed an entire page of results for ssn, all with the same IP address. Using “browse host,” I discovered a mother lode of bank passwords and credit card numbers, a few dozen files labeled as Equifax credit reports, and a handful of tax returns.
I’d stumbled upon what’s known as an information concentrator. These are people who do what I was doing–troll the P2P networks for files with personal data. But their intentions are far more sinister–typically identity theft. Most likely this person was inadvertently resharing the confidential information he had found, making the same mistakes with P2P that his prey had made.
[...]
I came across a veterinary clinic, with listings of pets and their owners’ billing information. A medical office revealed spreadsheets listing patients’ names along with their HIV and hepatitis status. Wow.
[...]
Full story – InformationWeek
Comments Off 
Themocracy