Thousands of Americans may unwittingly be sharing personal medical and financial information stored on their home computers when they use file-sharing software, according to a new study."The issue has been bubbling for a couple of years," said lead author Khaled El Eman, a senior scientist at the University of Ottawa's Electronic Health Information Laboratory.
"In the past we knew there was a problem. We just didn't know how big it was. We also wanted to see if anyone was actively searching for this information."
El Eman and his colleagues found evidence of outsiders actively searching for files containing private health and financial information on peer-to-peer (P2P) file-sharing networks such as Gnutella, eDonkey and BitTorrent. P2P networks let users connect with the computers of other users on the network and search for and download files.
"Very simple search terms such as 'medical records' or 'credit card' were quite effective in returning sensitive documents," El Eman told TechNewsDaily. Retrieving this information, he added, does not require world-class computer hacking skills.
"It's a total no-brainer," he said.
Thousands at risk
The study, published in a recent issue of the Journal of the American Medical Informatics Association, found that the absolute number of files returned containing sensitive health and financial information was relatively low — less than 1 percent of U.S. files contained personal health information and slightly less than 5 percent contained financial data.
Given the popularity of P2P file sharing, though, this translates into tens of thousands of computers at risk, El Eman said.
"There are around 250 known P2P file-sharing programs," he said. "And they vary in their badness. Some of them are known to automatically share everything on your machine without informing you what it's sharing. Some of them are better behaved."
P2P probing to discover personal information is a relatively recent wrinkle in file-sharing activity, El Eman said. In the past users primarily accessed and shared music, videos and pornography.
Whether you are a private individual or a healthcare worker taking patient records home, the only guaranteed way to keep your data safe is to avoid keeping it on a computer that does not have a file-sharing program installed.
For home users, that's not always easy. Teenagers are particularly fond of file sharing, El Eman said, and will frequently install programs without telling anyone.
If you're using a shared computer, he recommends, create different accounts for different users. That way, only one user's data will be at risk at any one time.