The accessibility of online platforms to allow patients and physicians to order diagnostic services from path labs, receive results and share medical information with relevant parties has been progressing towards more mainstream applications.

However, data breaches of such services have exposed the dangers of having medical information available online.

Breach at US diagnostics giant affects 34,000 patients

Quest Diagnostics in the US suffered a data breach in its MyQuest app last month that it disclosed on Monday, 12 December. The “unauthorised intrusion” has allowed a third party to access the names, dates of birth, lab results and phone numbers of 34,000 patients.

The MyQuest by Care360 app provides a variety of functions for both patients and physicians such as receiving results and sharing medical and health information between relevant parties, to name a few.

The company said in a statement that all affected individuals have been informed and that they are working with a cyber security firm to assess its other systems. They also said that there is “no indication that individuals’ information has been misused in any way.”

The company provides a range of services, ranging from simple blood tests to gene-based and molecular testing. Quest also provides clinical trials testing and Health IT and recently collaborated with IBM’s Watson AI robot to advance cancer precision medicine by combining cognitive computing with genomic tumour sequencing.

Similar incident at Mumbai-based pathology laboratory

Two weeks ago, a similar data breach at Health Solutions Pathology, a pathology laboratory in Mumbai resulted in the publication of 43,000 patients’ names, addresses, dates of birth and blood test results, which also included information of patients whom have undergone HIV detection tests.

Although the information has since been taken down, the breach has been made worse as search engines have already indexed the information and it is not known how long the data was available online.

When contacted regarding the breach, Rodrigues Kustas, an administrator at the company stated that the website has been hacked several times and that they will be moving their website onto a new domain in January and that the problem would be rectified then.

Kustas further stated, “Look, we are not the doctors, we merely do blood tests for patients. We also have more than 250 franchisees all over Mumbai who do tests for us, so maintaining doctor–patient privacy is not something that we as the lab are concerned with.”

Who bears the responsibility for a patient’s privacy?

Whilst this policy allows the company to shrug off responsibility, the data breach has left patients suffering from socially-stigmatised diseases feeling vulnerable with medical professionals warning of repercussions by the public such as octracisation and possible increased suicide risks of disease sufferers.

Patients are now concerned that they or their family may suffer because of the data breach, such as a HIV-positive patient whose name has been changed to protect her identity.

“When I first heard, I didn’t believe it. But, when I saw the news, I was shocked. In our society, patients like us carry a stigma. We have to hide our condition, or else society will ostracise us. I have an 8-year-old son who goes to school and if anyone finds out about my illness, my son will also be stigmatised, even though he is HIV-negative,” said Sumitha Guha.

Other patients such as Raghu Kumar, who developed tuberculosis while working, was fired from his job, alienated by his friends and was unable to find work. Through his struggle with TB and the depression because of the treatment he received from his friends and colleagues, he now works for NGO Aastha, which helps other TB patients get back on their feet.

“It was not my fault that I contracted the infection. The treatment I received from my friends and colleagues still haunts me. Even though TB is curable, society still doesn’t accept those ailing from it. Every day, I meet patients who recount similar stories,” says Kumar.

The motivation of the culprit/s behind the data breaches is still unknown but a breach in privacy of this nature can be open to abuse by nefarious individuals such as fraudsters and telephone phishing scammers, looking to steal personal information or perform identity theft. MIMS

Read more:
Electronic health records: pros and cons
The importance of a Clinical Information System (CIS) for your clinic