Once More into the Breaches

June 6, 2019

Here we go again.

This past week has seen not one but TWO major data breaches from the healthcare industry. LabCorp, a medical testing company, just announced that the personal and financial data of some 7.7 million customers had been exposed. This just days after Quest Diagnostics announced a breach affecting 11.9 million of its patients.

The breaches were similar, and with good reason: both came through a third-party billing collections contractor, American Medical Collection Agency. According to the agency, the information exposed included “… personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results.”

Gee, I feel so much better …

The breach also exposed credit card and bank numbers attached to roughly 200,000 of those accounts. So fraudsters can run amok with your Visa card, but hey, at least they don’t know you’re slightly anemic, right?

One would expect more of an uproar about this sort of thing, but no, no … we just act like it’s an inevitable natural byproduct of having computers run our lives. But seriously: who owns our personal data? Common sense would say it belongs to the PERSON upon whom it is based, but no one’s ever accused this country of bowing at the altar of common sense. Not in my lifetime, at least.

Some enterprising individuals think there should be some type of licensing agreement that pays out every time someone’s data gets sold. Of course, just the logistics of even putting a system like that in place are staggeringly prohibitive. Not to mention, it would take years, if not decades … by which time the threats would have likely evolved, anyway.

The majority of thinkers on this topic take a more practical—if no more palatable—approach, espousing the idea that individuals should get to control who sees their data and be guaranteed the ability to opt out whenever they’re uncomfortable. Considering that the above-mentioned breaches involved the healthcare system—easily one of the top five most heavily regulated industries, in terms of data handling—even legislated rights to our own data are no guarantee of security. It’d be better than nothing, I guess, but still.

To be clear, it’s not just data breaches we’re talking about here: one of the most prolific—and ignored—sources of intimate data is my favorite technological punching bag, the Internet of Things (IoT). I’ve soapboxed on this before: yes, connecting the physical devices around us is convenient (if oftentimes pointless), but what are we giving up? For voice-activated devices like Amazon Alexa or Google Home, data flow is a two-way street: if it can react to you, it’s listening … and that information isn’t just going to go away. SOMEone is saving it SOMEwhere.

Is that a wholly bad thing? To quote Patrick Swayze in that monument to modern filmmaking, Road House, “Opinions vary.” Privacy nuts—guilty!—say it’s an illegal invasion, that no one needs to know what they’re doing, and that the government can and will use the information against you at some point. Which is why some of us functionally opt out, simply by not having the devices in our homes.

The other side of the argument is that much of this data could conceivably be used for the public good. Having this wealth of data on people’s actions, for example, would be much more helpful than polls in terms of informing policymakers on the needs of the people. Los Angeles, for example, has been working with private providers like Lime and Spin to help develop data-sharing requirements to help understand how to create a more walkable and bike-friendly city. Seems like taking a walk yourself could give you a better idea, but what do I know? I’m in SanFran.

All the debating never really seems to focus on the core problem, at least in my eyes: this is all personal information about ME … and someone else is grabbing it, selling it, and benefitting from it. Those apps on your phone that you allow to access your location? According to one source, they ping your whereabouts as often as every two seconds. Is that what you were expecting when you asked Siri for the nearest Starbucks?

Yeah. Didn’t think so.