Stolen medical information can be used to steal your identity and ruin your credit, or to affect your medical records, Johnson says. "If I assume your identity to obtain medical services, such as using your insurance information to go to the hospital for treatment, it's not only insurance fraud, it's also adding false information to your medical records," he adds.
P2P file sharing has become the "bane of the security officer's life" at many corporations, as well-intentioned employees put their personal information as well as their company's proprietary information at risk, says Nick Selby, a vice president and research director with The 451 Group, a New York City–based technology research firm. People often use their work computers for personal reasons because they have higher bandwidth at the office, making it easier to download large music and video files. Although some P2P software allows users to specify which information they want to make available to the network, Selby adds, this software can easily be misconfigured and sensitive data made available to the network because the people using the technology do not really understand how it works.
Johnson points out that the shift to digital health care records will not be easy. "The (Obama) administration is moving toward a national electronic health care records system," he says, "but the transition is going to be painful. It's not until they understand how to secure these records that we'll be safe." (The new chief privacy officer will have to not only secure new digital medical records but also promote ways to protect existing data.) The nirvana is to store this information in high-end database systems that are well-secured, rather than in spreadsheets, e-mail and Word documents that can be left on someone's PC, he says, adding: If this cannot be done soon, hospitals and other health care organizations will need to restrict employee access to patient data.