This morning, there was an extremely unsettling item of news (Nachricht) on the radio (as always, I listened to Bayern2 – Radio):
In probably two hospitals, data were stolen. We are talking of the hospitals at Rastatt and Mittelbaden in Baden-Württemberg. The objects stolen are patients’ data, diagnoses, letters by doctors and internal hospital communication. These data were probably stolen on September, 19th. According to the hospital, they filed a complaint against an unknown person. It says that the Rastatt hospital noticed the violation on September, 27th – eight days after the alleged theft.
Today, on October, 12th, this item of news makes the current headline!
Basically, I assume that, of course, some “secret” data of German hospitals will end up where they do not belong on a daily basis. It is probably unavoidable. But this case seems to be particularly important. After all, it made the current news of October, 12th, 2012!
Well, why don’t we savor this topic? There was a data theft. Theft – which means some property was stolen. But then, the property – that is the data – would have to be gone after the violation of the law happened. Consequently, the thief would have had to copy the data and then delete the file at the place of theft. Otherwise, all you get is “half a theft”.
Yet I presume this was not what happened – it is probably not even possible. All those intended copies (backups) and unintended “data in work” make it basically impossible to completely delete anything. Except if the thief practiced total vandalism and destroyed everything. Or else if he was a perfectionist who also destroyed all the backups. But only a genius can do that – and even he can only do it if he has internal knowledge.
But let us look at the person who probably committed the theft. I write “probably” because, de facto, the “theft” is only an assumption. They assume that an unknown person copied certified data from the system. So what will the thief now do with them?
Is there a personal interest, because he wants to know more about a procedure that actually concerns him? Is it simply revenge? Does he only want to look important? Is this espionage, maybe by the press? Someone who wants to detect unethical behavior on the part of the hospitals (I assume that can be found everywhere)? Or was it, maybe, even a Federal Agency working clandestinely (and rather clumsily)?
Or is it a (minor) culprit who wants to win money by using data, for example by blackmail? And in that case: who would be the recipient of blackmail? Who is the owner of the data? If it is a diagnosis, is it the hospital or the patient? If it is communication between doctors: the hospital or the doctors? The sender or the recipient of the letter?
More and more question. I am sure I could continue in this fashion for a long time. But that is not what I want. I assume that this is again one of the instances where no damage will be done by the “data abuse”. And if damage is done, it will be quite small and short-lived. A trifle. But in the land where people get hysterical about data security, this is the kind of news you can use for painting the most demonic pictures.
I file the article among “storms in the water glass”.
RMD
(Translated by EG)
P.S.
I would find it a lot more interesting to read about the number of malpractices or the many cases of operations or other therapeutic actions where business considerations and optimization, such as capacity utilization and strategic billing were the determining factors.