THE BLOG

Race To Centralize Your Medical Info Creates A Single Point For Hackers

10/04/2014 01:50 EDT | Updated 12/03/2014 05:59 EST
Getty

Several provinces in Canada are racing to centralize databases with your sensitive health records in them, providing you no choice to participate in such a system or any transparent explanation of the risks of these ehealth initiatives.

The popular pro-argument is the slight convenience for travellers over a phone call to your doctor, but the risks are not being shared, and they are significant.

Not only are the provinces tripping over each other to be online first, the federal Infoway initiative encourages this increasing risk to your privacy.

Let's start with the information security risks. Every bank in the country, with the world's leading information security teams protecting them, have been hacked several times. This is little risk to us as the users because if any transactions show up on our account that aren't ours, we can call the bank, and they will take responsibility, removing the risk.

Our bank account balances are always changing as well, so in a year what our balance was a year ago when compromised, has little relevance in the grand scheme. This is why we still trust online banking today; the risks are handled by the financial institution, not the user.

This does not apply in the government-run ehealth systems. These electronic health record databases will be hacked and sold. Unlike the dynamic balance in the case of a bank account compromise, your entire medical history will not change, and will always be valuable.

Your medical information is already worth more than credit card data, so why in the world would our governments be racing to be putting this in a centralized place, creating a single point for hackers?

Also, the systems they're using are proprietary, which from a threat and risk perspective, means you shouldn't trust the systems at all. They have likely been misconfigured, and likely have back doors. If provided the resources, hundreds of information security experts in Canada alone can make this claim, let alone foreign adversaries.

I personally don't want my medical history in such a system that is so vulnerable. It's not a question of "can these systems be hacked?" There's no debate: they can and will. The questions are "how soon will they be hacked?" and "what information has our government decided for us, to put in them?"

The government is effectively choosing to provide our health records to the hacker community.

The other perspective is the privacy one. Although some governments claim you're being made aware of the risks of using such a system (have you?), and you'll be able to correct and/or edit (not delete) some of the information in them.

I would only want to use such a system if I have absolute and complete control of which doctors gets access to which data, and when. But really, privacy is about choice, and none of these government initiatives are following ethical privacy behaviour, which would be to offer you an explicit opt-in option.

Today, there is no real open dialogue with the information security and privacy community to resolve these concerns. There's a lot of money in building these systems, and that's a snowball that's moving downhill, rolling over your freedom of choice and privacy.

Until the government can offer you a guarantee that your mental, sexual, and entire medical history can't be compromised and published online, perhaps the only citizens whose information should be entered into such a system is those who have explicitly requested so. I know I wouldn't in the forseeable future.

The cost of these systems is staggering. Five years ago, the province of Ontario was alleged to be in a $1-billion ehealth scandal. I can only imagine when you consider all provinces in Canada, and bureaucratic inflation what kind of numbers we're talking about now.

I'm not sure how many billions of Canadian taxpayer dollars have paid to build these electronic straw houses, but in these economic times, surely spending these resources on job creation and innovation would benefit us all in the long run, and we could go back to the highly effective and proven model of a phone call to our doctor when required, while travelling.

ALSO ON HUFFPOST:

7 Household Items That Pose Privacy Problems