Privacy fears around patients' health data breach amid Covid surge

Patients are staring at a new kind of privacy breach where health data can impact all their future financial decisions, say cyber security experts.

For example, a Covid patient’s blood reports, health history, plasma infusion details are now available on the dark web. They can be accessed by banks and insurance companies who can then take a call if the patient should be offered a loan, or find out what is his credit history, or if he later goes for an insurance, what should be his premium.

The insurance regulator has already warned its sectoral players against using health records without the patient’s consent to map prospective customers.

“Hackers are accessing data in bulk from hospitals and diagnostic centres. In some cases, they can just buy from them. Right now, those who have recovered may be surprised at the calls they are getting for plasma donation but it may not stop here,” said Srinivas Kodalli, researcher with free software movement of India who has been tracking data breaches.

“They will soon get calls ranging from deep cleaning service providers at homes of Covid patients to insurance companies charging a higher premium for health. They have all your health records,” he added.

Over the last few months, families of Covid-19 patients have had to share patient’s blood group, medical history, hospital details across social media to access plasma and beds. Legal authorities tracking cybercrimes say health data sold or shared without the consent of the patient is a breach of law and one can be sued under IT Act.

READ  Markets will head further south - Jacobs

“Under the current IT Act, there are provisions for both criminal and civil lawsuits that can be filed by the owner of the data, if health records are shared without consent. Health is sensitive data and banks can use it for credit ratings or taking a decision if loans should be given or not,” said NS Nappinai, a Supreme Court advocate and founder of Cyber Saathi – which works in creating awareness and safety online.

Insurance Regulatory and Development Authority of India (IRDAI) too has warned its sector players against using health records without the patient’s consent to map prospective customers.

“The insurance regulator has taken cognizance of the fact that the insurers are relying on leaked data to deny or block claims by policyholders, this practice is unethical and insurance companies should resist it,” said a source close to IRDAI.

Infact, flooded with complaints from policyholders, IRDAI has already stepped in and told insurers not to deny claims.

“It has come to the notice of the Authority that some insurers are not offering Corona Kavach and Corona Rakshak Policies to customers, and some insurers are not renewing such policies,” IRDAI said in a letter to insurers. “In the wake of rising infection rates due to the second wave of the Covid-19, the insurable public require appropriate health insurance coverage and it is not correct to deny such coverage to the customers in this crucial time.”

Cyber security advisors have also warned against identity thefts where new identities can be created using Aadhaar while doing the RTPCR test to check for Covid. “People who want to create mischief can take the records where Aadhaar details are given and this is a major breach of privacy. Identity thefts will happen which is as worrisome as financial frauds,” said Siddharth Vishwanath, partner in the Cyber Advisory Team at PwC.

READ  Wine dealers in Shillong petition chief minster to open the wine shop

But banking and insurance experts say not much importance should be given to use of this stolen data as such claims cannot be denied.

“There is no ground on which a financial institution or an insurer can deny a claim or avoid giving a credit card or a loan,” said Ashvin Parekh, founder, Ashvin Parekh advisory services. “Yesm banks are looking at top borrowers with top credit scores to give loans and credit cards, but that’s more to do with risk aversion rather than spread of infections.”



Please enter your comment!
Please enter your name here