A Matter of Life or Death

In this book a data breach, identity theft, causes a death

It sounds like something out of a fictional story, but could there be a data breach that might result in a person’s death? I read a book recently called Medical error in which a patient dies because of an allergy. The physician checked their records and noted the patient had been prescribed the drug earlier that year at the hospital, administered it, and the patient reacted and died. It turns out the patient was a victim of identity theft and the thief was the one that was seen at the hospital. The thief  didn’t have an allergy, but the victim did and died.

According to this story, there hasn’t been a case of a data breach resulting in someone’s death, but the recent attacks against law enforcement agencies could change that. Informants and undercover detectives depend on their anonymity. A release of details from active cases could result in a death since the people that would be most interested in the information might be willing to kill those named.

We seem to have no shortage of people that hack and attack systems for fun, often without much forethought about the potential effects of their exploits. As criminals get more sophisticated, I would expect more attacks to occur against law enforcement agencies. We’ve already had attacks that cross national borders, potentially sponsored by governments and I suspect we will see even more in the future.

The data professionals working in the industries where life and death are dependent on technology should be worried. In law enforcement and medical fields, data professionals should be constantly educating themselves about security and working to regularly ensure their systems are protected, and audited . Auditing may even be more important in order to respond to breaches quickly.  It is asking a lot, but the potential results from a security lapse could haunt you for a long time if you haven’t done your best.

Steve Jones

The Voice of the DBA Podcasts

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.