Medical Data Blackmail: Another Face of Data Breaches in the Digital Age

The interview and subsequent articles about Charlie Sheen’s disclosure of being the intended victim of medical data blackmail stirred dynamic discussions among my privacy and security colleagues. It’s one more example of how, as our healthcare information continues to be digitized, there are more opportunities for data breaches to occur without an expert hacker’s involvement. What a horrible thought: your personal health information (PHI) distributed via Instagram, or leaked by text, Facebook post, or Tweet!

So much focus has been on encryption – which remains essential – and the technical aspects of data security that we continue to be blindsided by the human propensity for error and malice. You may think, “But that’s Charlie Sheen. He’s a celebrity. No one cares about my information.” Maybe not enough to blackmail you personally for millions, but what if someone puts your PHI (medical data) in a batch with hundreds or thousands of others and tries to blackmail the healthcare organization, or just releases it all? That’s already happened.

Small healthcare organizations are far from exempt from medical data breaches, although large organizations tend to grab headlines. As I mentioned in a LinkedIn post “My Personal Breach Experience,” our PHI can get out anywhere, seemingly unrelated to where the data originated. To have that information taken with the intention to cause harm, however, adds an element of personal violation that I don’t care to experience.

Not the most cheerful of thoughts here at the holidays or any time! So, what can you do? Be vigilant on your own behalf. For all else, we’ll continue to trust in technical safeguards and workforce training processes, and the basic decency of our fellow humans.

Apgar & Associates provides privacy expertise for secure information. Call 877-376-1981 to learn more about our compliance consulting services.