How Mega-Breaches Could Literally Kill You

Security breaches have gone from a regular occurrence to a certainty in life.

— -- It was not very long ago that information shared with your doctor was sacrosanct. That may no longer be the case — and the fallout could be life-threatening.

Unless you are living in a log cabin on Loon Lake and are off the grid, you have probably heard about the mega-breaches responsible for this paradigm shift. Unfortunately the likelihood is that the dark days of lax or nonexistent data security practices are by no means behind us.

With the addition of medical records in the mix, there was the potential for new and more terrifying kinds of attacks — extortion using the threat of leaking embarrassing, private medical information and theft of health care services, which could cause a person to be denied timely health care, not to mention all those other crimes you can’t even imagine until they are announced on the nightly news.

As if that weren’t enough, last June the Office of Personnel Management — the human resources department of the U.S. (including its spies) — announced perhaps the most devastating breach of all. Somewhere between 18 and 32 million records were floating in the wind (possibly higher, but most often pegged at 22 million). More accurately, those incredibly sensitive records were in the possession of a hostile third party. The OPM hack included millions of the most intimate details revealed (or uncovered) during security clearance evaluation background checks for present and former government employees, contractors, family members of candidates, their friends and even employees of airlines.

The latest news from the OPM breach is that the information leaked could lead to espionage for any number of reasons.

The counterintelligence campaign currently underway is specifically designed to warn current and former government employees and contractors whose information was exposed by the breach that their information could be used by an operative to strike up a conversation. Armed with personal details, this operative could quickly form a bond by talking about mutual interests or life experiences. It’s creepy, and the threat is very real.

But What Does That Have to Do With Health Care?

Two of the above breaches include medical histories. The secrets and most personal details of the people affected are no longer secure, and the repercussions could be life-threatening.

Will people hesitate to see a doctor about a complaint that they would not want a third party to know about? Let’s say someone contracts a sexually communicated disease, and they decide rather than have that on their personal record—and risk exposure—they will purchase the antibiotics mentioned in an online article about the treatment of this or that disease. And let’s say that person is allergic to that prescription. Another scenario could well be a mental health crisis, where a person in dire need of help forgoes treatment for fear of exposure to hackers. That second scenario could not only result in the individual hurting his or herself, it could also endanger the lives of others.

While it is fair to counter that the above is incendiary and dire, it is not beyond the realm of the possible as breaches go from a regular occurrence to the third certainty in life. Now more than ever, it is time for the health care community to rise to the challenges that we face and close the gates because the cyber barbarians are everywhere.

Levin is chairman and co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit. His new book, "SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves" was released last year.

Any opinions expressed in this column are solely those of the author.