Confidentiality

I remember when a data breach was big news. Now, it seems people are breaking into computer systems at least once a week, if not more frequently. In fact, healthcare bills already include the cost of security measures taken by hospitals and providers to keep our private information, private.

Spending on security will reportedly hit $40 Billion this year, according to The Boyd Company, an increase of 22% over last year. And the Princeton, New Jersey, consulting firm expects it to balloon to $70 billion three years from now (“Redspin Reports on the State of Healthcare IT Security“).

“Information security data breach in healthcare has reached epidemic
proportions – the problem is widespread and accelerating,” said Daniel
W. Berger, Redspin’s President and CEO. “Incidents have been reported in
nearly all 50 states and the total number of records breached increased
97% in 2011 as compared to 2010.”

Granted, some of the security breaches are due to carelessness and poorly monitored procedures. But if industries, including healthcare, are spending that much money to secure the data, the threat is real. Why then would healthcare practitioners toss caution to the winds and use videoconferencing services that are not fully secure from hackers as well as large companies? Yeah, I know, Skype is free. That doesn’t mean it’s safe from prying eyes.

Let me quote from an article on advanceweb.com I first saw in November of last year.

Skype works by creating “virtual servers” through your computer when you
sign up for Skype and download the program. In essence, you are not
only sending your video, audio and files through your computer when you
use Skype, you are in fact sending that data through other users’
computers as you connect with your colleague, patient or family. The
same is happening on your computer for other users when they connect to
their friends or clients. It really is an ingenious platform. Because
you share bandwidth and processing power with other users, Skype is able
to give you the quality and speed you expect at a much lower cost. This
in turn decreases your cost.

Skype, and its relatively new owner, Microsoft, say the data is encrypted. Quoting again from the same article:

Shortly after the purchase, Microsoft applied for a patent that many
found disturbing and is our second potential pitfall. Essentially, the
Microsoft patent demonstrates their ability to listen, view and record
conversations over the Skype network. Users were told, “Legal
Intercept appears similar to tools used by telecommunication companies
and equipment makers to comply with government wiretap and surveillance
requests.” While perhaps unnerving, it seems understandable until
you begin to think about populations trying to escape dictatorships that
use Skype and Twitter to get their messages out. Then that same article
points out that Skype “aims to incorporate tracking technologies for
its Skype services, as it aggressively expands its mobile advertising
system across the world. Skype will likely soon have ad targeting and
user profiling digit strings attached.” Essentially they will also have
the ability to know your location and when you are online as well as
being able to see the data you are transmitting.

A study found that the average programmer with minimal resources could find and track users’ locations and find any files they shared through Skype.

“Essentially, you could find and get information regarding a particular individual or large groups of individuals. And, it can be done without the user knowing that they had been compromised or without downloading any malicious files to get things going.”

In the five months since the article was first published, I have not seen anything that says Microsoft as changed its course with Skype, so it may have already instituted the patented software.

For most of us, Skype security and Microsoft patents won’t be a problem. But what happens if a hacker gets the info he (or she) needs to gain access to the healthcare files of some celebrity. If Anonymous can get into State Department and Department of Defense emails, how hard can that be.