According to the results of a study published on 2/26/10 in the Journal of the American Medical Association (JAMA), file-sharing software used for downloading music, such as Limewire and BitTorrent, could serve as a portal through which hackers snag confidential medical records from a physician's home computer.
The scenario could be innocent enough: a health care professional with no time to update his electric medical records during a busy day transports them to his home computer. If that individual uses file-sharing software to download music, he could inadvertently release patient information.
Researchers from the Children's Hospital of Eastern Ontario in Ottawa studied the vulnerability of health records when stored on a home computer with file-sharing software installed. The year-long study analyzed the IP addresses of millions of computers in the United States and Canada using file-sharing programs. Out of 23-24 million files, researchers found that about five per cent, or hundreds of thousands of files in the US, contained private health and financial information that could be accessed with search tool.
"A significant amount of information is leaking and I think it's important for the public to be aware of the risks of running those programs," said Khaled El Emam, the study's lead researcher and a professor of electronic health information at the University of Ottawa. "This wizard that's intending to find media files for you [could] also potentially be sharing large amounts of information on your behalf, and you might not be fully aware that this is happening."
While conducting their research, El Emam and his team discovered a medical care document with an Ontario health insurance card number, a teenage girl's medical authorization with her family name, phone numbers, date of birth, social security number and medical history, and documents outlining people's bank details, PIN numbers and credit card numbers.
Simon Morris, VP of marketing and products at BitTorrent, Inc., said inadvertent file-sharing is impossible on BitTorrent because files are only shared as they are downloaded, although a user could theoretically release personal files on purpose. Morris said he could not speak for other file-sharing programs.