Privacy issues loom over Google Health

Share this article:
As Google launches its Google Health, security experts are concerned that personal medical records are at a greater risk of being breached.

Google Health allows patients to view and manage their own health care records while also allowing that data to be shared with doctors, pharmacists, and other medical personnel.

According to a recent survey conducted by SecureWorks, a managed security services provider, health care information is attacked up to three times as often as banking and financial information. By allowing medical records online, the risk of having that information attacked increases, Don Jackson, director of threat intelligence at SecureWorks told SCMagazineUS.com on Tuesday.

“It's not a question of how good the security is,” Jackson said, “When you put all this information is one central location like this, a single compromise will affect a lot of data.”

Heath care data is valuable on the black market, Jackson added.

“You get social security numbers, mother's maiden name, home address," he said. "It's a soft target that turns out to be a treasure trove of information.”

In response, Google said it uses software, hardware, and strict policies to keep user health information safe and private.

“The health information users store with us is protected by state-of-the-art technologies, including Secure Socket Layer (SSL) encryption, firewalls, alarms, and other technology we build ourselves or buy from other experts in the security industry,” a Google spokesperson told SCMagazineUS.com. “We have extensive backup systems in place to protect the integrity of this information. Google's servers are protected by strong physical security at our facilities, including passcodes, locks, and security personnel.”

On Google's own blog, readers raise a concern of Google employees having access to health records.

According to Google, “a limited number of employees at Google have access to confidential information of any sort, and even fewer have access to what we consider very sensitive data. This is primarily because there's very little reason to provide that access; most of our processes are automated and don't require human intervention.”


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier ...

Researchers at SophosLabs found an uptick in VBA samples in July.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.