Privacy issues loom over Google Health

Share this article:
As Google launches its Google Health, security experts are concerned that personal medical records are at a greater risk of being breached.

Google Health allows patients to view and manage their own health care records while also allowing that data to be shared with doctors, pharmacists, and other medical personnel.

According to a recent survey conducted by SecureWorks, a managed security services provider, health care information is attacked up to three times as often as banking and financial information. By allowing medical records online, the risk of having that information attacked increases, Don Jackson, director of threat intelligence at SecureWorks told SCMagazineUS.com on Tuesday.

“It's not a question of how good the security is,” Jackson said, “When you put all this information is one central location like this, a single compromise will affect a lot of data.”

Heath care data is valuable on the black market, Jackson added.

“You get social security numbers, mother's maiden name, home address," he said. "It's a soft target that turns out to be a treasure trove of information.”

In response, Google said it uses software, hardware, and strict policies to keep user health information safe and private.

“The health information users store with us is protected by state-of-the-art technologies, including Secure Socket Layer (SSL) encryption, firewalls, alarms, and other technology we build ourselves or buy from other experts in the security industry,” a Google spokesperson told SCMagazineUS.com. “We have extensive backup systems in place to protect the integrity of this information. Google's servers are protected by strong physical security at our facilities, including passcodes, locks, and security personnel.”

On Google's own blog, readers raise a concern of Google employees having access to health records.

According to Google, “a limited number of employees at Google have access to confidential information of any sort, and even fewer have access to what we consider very sensitive data. This is primarily because there's very little reason to provide that access; most of our processes are automated and don't require human intervention.”


Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.