As Google launches its Google Health, security experts are concerned that personal medical records are at a greater risk of being breached.
Google Health allows patients to view and manage their own health care records while also allowing that data to be shared with doctors, pharmacists, and other medical personnel.
According to a recent survey conducted by SecureWorks, a managed security services provider, health care information is attacked up to three times as often as banking and financial information. By allowing medical records online, the risk of having that information attacked increases, Don Jackson, director of threat intelligence at SecureWorks told SCMagazineUS.com on Tuesday.
“It’s not a question of how good the security is,” Jackson said, “When you put all this information is one central location like this, a single compromise will affect a lot of data.”
Heath care data is valuable on the black market, Jackson added.
“You get social security numbers, mother’s maiden name, home address,” he said. “It’s a soft target that turns out to be a treasure trove of information.”
In response, Google said it uses software, hardware, and strict policies to keep user health information safe and private.
“The health information users store with us is protected by state-of-the-art technologies, including Secure Socket Layer (SSL) encryption, firewalls, alarms, and other technology we build ourselves or buy from other experts in the security industry,” a Google spokesperson told SCMagazineUS.com. “We have extensive backup systems in place to protect the integrity of this information. Google’s servers are protected by strong physical security at our facilities, including passcodes, locks, and security personnel.”
On Google’s own blog, readers raise a concern of Google employees having access to health records.
According to Google, “a limited number of employees at Google have access to confidential information of any sort, and even fewer have access to what we consider very sensitive data. This is primarily because there’s very little reason to provide that access; most of our processes are automated and don’t require human intervention.”