
Six health privacy experiments that should *NEVER* be carried out



In April 2004, a bold experiment by the Infosecurity Tradeshow in London proved what everyone suspected: over 70% of people passing through Liverpool Street Station would reveal their password in exchange for candy. Some commentators applauded this validation of a previously unproven assumption about Londoners’ attitudes towards password secrecy. Other commentators had serious ethical concerns with the experiment.

This candy-for-password experiment got me thinking about health privacy/security experiments. Many suspect that the healthcare system has serious human and technical privacy vulnerabilities, but how can we validate this suspicion? Would a patient hand over their provincial health number for a chocolate bar? Would a medical professional hand over a patient’s information for a chai latte? The more I thought about it, the more extreme – and both frightening and funny – the research projects became.



  1. 1. © Fujitsu Canada. Six Health Privacy Experiments That Should Never Be Conducted. WCHIPS 2013, Winnipeg. Chris Hammond-Thrasher, Associate Director, Security, Privacy and Compliance, Fujitsu
  2. 2. 1
  3. 3. Phone Disclosure
  4. 4. Conference Number: Dial into the XYZ Disease / Syndrome / Dysfunction Conference Call Now! 204-800-5580
  5. 5. 2
  6. 6. Social Media
  8. 8. Long Memory
  9. 9. Long Memory
      • Version 1.0 of the NCSA Mosaic browser was released in November 1993
      • Netscape Navigator was released in December 1994
      • TELUS launched commercial Internet services in 1995
      • Facebook launched in February 2004
  10. 10. Teens on Facebook: “Self-definition is about identity, one’s needs and attitudes, and the presentation of the self to others. Teenage patients present themselves on Facebook as regular teenagers. They do not write public status updates about their stays at CHEO or the treatments they receive.” - Van der Velden and El Emam, 2012
  12. 12. 3
  13. 13. A Simple Wi-Fi Attack
  14. 14. The Demonstration Network: Join now! SSID: wchips2013 Password: wchips2013
  15. 15. Countermeasures
      • The basics: Any Wi-Fi network with significant security requirements must be configured to use WPA2-Enterprise. No exceptions.
      • VPNs are excellent defenses when moving sensitive data across non-trusted networks, but there is no completely safe way to connect to and use a hostile Wi-Fi network.
      • There is no good defense to Wi-Fi denial of service. The best that you can do is have a good wireless incident response team on hand.
  16. 16. 4
  17. 17. Win an iPad Mini!
  19. 19. Phishing Discussion
      • Use HTTPS and put the survey on your own domain i.e.
      • Without HTTPS I can try to impersonate the site and phish for personal health information
      • As of last night, is available for purchase (they used has been purchased by a domain squatter
  20. 20. QR Code Phishing
  21. 21. 5
  22. 22. Hospital Netwars
  24. 24. 6
  25. 25. Healthcare Mysticism
  26. 26. 7
  27. 27. Medical Malware
  28. 28. A Common Malware Model (diagram): Command and Control Server; Infected Laptop; Infected Tablet; Infected Smartphone
  29. 29. 8
  30. 30. Balloon Clown Audit
  31. 31. 9
  32. 32. Elicitation
  33. 33. Definition: “Elicitation”
      “In the spy trade, elicitation is the term applied to subtle extraction of information during an apparently normal and innocent conversation. Most intelligence operatives are well trained to take advantage of professional or social opportunities to interact with persons who have access to classified or other protected information.
      Conducted by a skillful intelligence collector, elicitation appears to be normal social or professional conversation and can occur anywhere – in a restaurant, at a conference, or during a visit to one’s home. But it is conversation with a purpose, to collect information about your work or to collect assessment information about you or your colleagues.”
  34. 34. Elicitation Plan
      • Goal: Elicit personal information on at least one individual
      • Method: Seek advice on when teenage girls should start dating as a way to get a parent talking about their own children
      • Objectives: Parent’s Name __________________; Target’s Name __________________; Relationship __________________; Target’s Gender __________________; Target’s Birthday __________________
      • Achieved _________ of five objectives
  35. 35. C
  36. 36. Bibliography
      • Capps, Rusty. "The Spy Who Came to Work," Security Management, February 1997.
      • *Celent. Using Social Data In Claims and Underwriting,
      • Hadnagy, Chris. Social Engineering: The Art of Human Hacking. Wiley, 2011.
      • Li, Jingquan. “Privacy Policies for Health Social Networking Sites,” Journal of the American Medical Information Association, March 2013.
      • Malin, El Emam and O’Keefe. “Biomedical Data Privacy: Problems, Perspectives, and Recent Advances,” Journal of the American Medical Information Association, January 2013.
      • Van der Velden, El Emam. “’Not All My Friends Need to Know’: A Qualitative Study of Teenage Patients, Privacy, and Social Media,” Journal of the American Medical Information Association, July 2012.
      *Subscription required.
      Hammond-Thrasher, Six Health Privacy Experiments, 2013
  37. 37. Conclusions
      There are significant challenges facing privacy professionals and academic researchers who want to understand real risk including,
      • Research ethics
      • Research funding and
      • The reputational concerns of personal health information custodians.
      The reality of the real risk scenarios examined today is that the threat agents – whether insiders or outsiders – are not bound by the constraints that govern privacy and security professionals.
      Van der Velden and El Emam’s paper on sick teens using Facebook is a warning to the complexity of real risk – our assumptions about how good or bad things may be need to be tested.
  38. 38. Challenge Questions
      For you, is the title of this talk a true statement?
      • Should experiments like these *NEVER* be performed?
      • Are some acceptable and not others? And if so why?
      Please email your answers
  39. 39. Chris Hammond-Thrasher, Associate Director, Consulting, Security, Privacy and Compliance, Fujitsu