Facebook Reported to Have Attempted to Acquire Users’ Medical Records

Reports have recently surfaced that Facebook tried to gain access to medical records of US users through approaching US hospitals. Amidst growing concerns about data protection and privacy in the digital age, this new story highlights the need to protect personal information from unauthorized access – especially when it comes to sensitive data like a patient’s medical history.

Facebook Tries to Get Access to Users’ Medical Data

Facebook was recently hit by backlash after a whistleblower that was formerly employed at data firm Cambridge Analytica revealed that the social network had shared account data that included personal details and preference metrics of roughly 50 million US users and 1 million UK users with the company. The news raised concerns about the ethical and legal issues involved in sharing personal data without the awareness of users and eventually led to Facebook issuing an apology to users and Cambridge Analytica going out of business. But even more importantly, it sparked a worldwide debate about the importance of safeguarding privacy. Coincidentally, the new EU General Data Protection Regulation was put into effect a few weeks later, which further fueled the debate. Among the most crucial aspects of the discussion is safeguarding what has been termed “sensitive” data that warrant increased protection – which included medical data and health records.

Now it seems that the debate about data protection of medical information is more relevant than ever. According to an April 2018 report at CNBC, Facebook tried to get a hold of medical data of its users. The extremely popular social network approached several US healthcare institutions, including the American College of Cardiology and the Stanford Medical School, with a proposal to connect data from its users’ accounts to the personal data held at the hospital. The idea behind this project was to collect medical information such as prescriptions and history of illnesses and pair it up with the information stored on the Facebook platform in order to determine which hospital patients might need special treatment. For example, by identifying that a user does not have many close friends on Facebook, the hospitals that took part in the proposed project would be able to know that they need to offer extra support after hospitalization.

Facebook’s plan was met with negative reactions when it was revealed, and most people have suggested that there needs to be a line drawn when it comes to sensitive personal data like medical records. Data security has risen to a top priority for enterprises and organizations of all types lately, especially after news such as the Cambridge Analytica scandal surfaced. Moreover, ransomware attacks often target users’ data and hackers seem to focus their efforts on personal data, so data security is essential for businesses, their reputation and processes. Data security also helps businesses comply with regulatory requirements such as the new GDPR or HIPAA. Making sure that data is protected properly is a top priority for hospitals, too, especially when considering not only the volume of data that they have to keep on patients, personnel and processes but the nature of that data too.

Collecting and Storing Data in the Healthcare Industry

Hospitals and healthcare organizations often use online applications to collect and process sensitive data and frequently use the cloud to store it. In the UK, the National Health Service, one of the leading healthcare institutions worldwide, recently greenlighted the storage of patient data on the cloud and has endorsed data offshoring facilities, which marks a policy shift. NHS Digital has developed guidelines for health organizations that single out greater cybersecurity, less operating costs and better recovery after an incident as some of the reason that would encourage the adoption of cloud environments for storing patient data. These are among the reasons that individual doctors often use the cloud to store patient information, too. Risks include relying on an internet connection and the need for expert IT professionals that will ensure the smooth operation of the cloud.

Data and information security is one area where healthcare organizations can see room for improvement, although the landscape is not as bleak as in other sectors of the economy. A recent global survey that surveyed organizations in 20 countries highlighted that 15% of the computers in 2,935 health organizations observed were running outdated operating systems, either MacOS or Windows, and 16% of the computers were using outdated versions of internet browsers. This renders them more vulnerable to hacker attacks, although they seem to fare relatively alright when compared to other industries: 25% of government computers were running an out-of-date OS and over 8,500 surveyed organizations in total had installed outdated browsers on more than 50% of their computer.

Yet healthcare institutions need to take concrete steps to ensure that they are not vulnerable to malware attacks when it comes to their computers that are running on outdated OS or browsers. Sometimes the solution might be as simple as rebooting your router, but when it comes to sensitive medical information no one should take chances. Increasing awareness and putting the proper safeguards in place is crucial for the health industry.