Until final November, I had by no means heard of Perry Johnson and Associates. But that they had heard of me. In reality, with out my data, that they had details about me that even my closest buddies and kinfolk won’t know. Because the corporate supplies “transcription and dictation” companies to Northwell Health, a medical supplier that has handled me prior to now, that they had entry to what they check with as “certain files containing my health information as well as other personal data.” This may need included my identify, beginning date, tackle, and medical document quantity, and details about my medical situation—together with admission prognosis, operative stories, bodily exams, laboratory and diagnostic outcomes, and medical historical past, which may embody household medical historical past, surgical historical past, social historical past, drugs, allergic reactions, and/or different observational info.

This was all laid out to me in a letter dated November 3, 2023, informing me that a minimum of a few of my info was now within the arms of an “unauthorized party” who had penetrated their system between March and May of 2023 and apparently engaged in an undetected downloading spree. Though the letter didn’t point out it, I used to be certainly one of almost 10 million people affected, out of a number of well being care suppliers in a number of states.

The phrase “sorry” didn’t seem within the letter. But, it assured me, Perry Johnson and Associates “take(s) this incident very seriously.” What a reduction! Anyway, it now was promising to “update our systems to prevent incidents of this nature from occurring in the future.” Which begs the query: Why weren’t these programs up to date earlier than?

The phrases “we apologize” did appear in a disturbingly similar letter I received later in November, from East River Medical Imaging. Between August 31 and September 20 its system was penetrated, and the documents that were accessed or copied might have involved my name, contact information, exam and/or procedure information, and even images from my medical tests. But East River is taking my privacy and security very seriously! Not enough apparently, to do anything to mitigate my loss. “The letter did remind me that it’s always a good idea to review health care statements to identify fees for services unreceived. Has that letter writer ever managed to decode a list of medical charges?

At least my DNA information wasn’t compromised … oh wait, I almost forgot an email I received from 23andMe in October saying that information shared with DNA relatives may have fallen in the hands of those seemingly ubiquitous unauthorized users.

Notice a pattern? Everyone knows that data like credit cards and even Social Security numbers are routinely purloined. But as medical records became digitized, we were assured that extra care would be taken to protect them. There’s even a law, known as HIPAA, to assure that those super sensitive files would stay out of the hands of cyber-villains. But that’s clearly not happening. It’s the responsibility of the US Health and Human Services Office for Civil Rights to investigate incidents affecting more than 500 people. It’s currently looking into more than 500 breaches reported last year. That’s nearly twice as many as the previous year.

That’s a huge problem because the theft of insufficiently protected medical information goes much deeper than financial risk. The remedy offered to me and millions of others by Perry Johnson was a year’s worth of identity-theft monitoring from Experian. This doesn’t begin to relate to the real risks. “There are a whole range of harms that can follow a person far beyond financial impacts when we talk about targeting people based on their health vulnerabilities.” says Andrea Downing, cofounder of an grassroots activist group known as The Light Collective, which advocates for accountable medical information stewardship. “People can be targeted based on their health vulnerabilities and become easy fodder for medical fraud.” The medical info of almost 10 million folks could be a useful useful resource to drug entrepreneurs, insurance coverage firms, and producers of bogus medical gadgets. And in contrast to private finance info, there’s no strategy to make that info moot. You can get a brand new bank card or a brand new checking account, however you possibly can’t get a brand new medical historical past.