No patient should have to make such a life-or-death choice. As our society moves toward digitization and sharing of a wide range of extremely sensitive data, it is essential that we find approaches to information security that rest on a solid foundation -- that are capable of enabling technological and social advances while protecting both the privacy of individuals and the security of our institutions. Wishful thinking won't cut it. Neither will complacency. If digital information is the bedrock on which our society now rests, we have some serious work to do. If we don't do it, there's a shaky, scary future ahead.
So far all we think we know about the Lake County incident is that no ransom was paid, the server has been shut off, the police are involved, the patients have been notified and credit monitoring has been offered to those who face exposure in one form or another. We don't know if the hackers made copies of the files before they encrypted them and have already sold them on the black market, if the server was backed up and/or if the data was destroyed. Anyone clever enough to pull this off is smart enough not to begin using the data for a while anyway. We don't know if other businesses in the area were hacked as well.
What we do know is that this isn't the first hacking/ransom incident, nor will it be the last.
I support digitization provided the prime directive is security and not simply convenience. I, for one, do not feel a whole lot of comfort walking into my doctors' offices and seeing a wall of open filing cabinets filled with patient files ripe for the plucking by an opportunistic passerby, an unscrupulous employee or unwelcome nighttime visitor. Do you?
Adam Levin is chairman and cofounder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.