When Charlie Sheen spoke out Tuesday on the "Today" show, the big news wasn't that he is HIV-positive. It was that he had been blackmailed for upwards of $10 million by people who threatened to reveal the information to the public. "I release myself from this prison today," the actor said.
While the health information of ordinary Americans may not command as high of a price as a wealthy celebrity's, opportunistic criminals are beginning to resort to similar schemes targeted at anyone who might potentially be hurt or embarrassed if others had access to information about their mental illness, nose job, abortion, or the fact that they're going through bottles of Viagra.
As hospitals, doctors and pharmacies shift to electronic medical records the issue is becoming one of data security. Hacker attacks on companies have traditionally focused trying to get financial information that can be quickly turned into cash, such as credit card numbers or bank account information. But in a number of recent breaches the digital intruders have made out with personal health information, as well -- raising the possibility of medical-data blackmail.
In one case involving a surgery practice in the Libertyville, Ill., in 2012, hackers got to e-mails and medical records in their servers and left a digital ransom note. In 2008, St. Louis-based Express Scripts told 700,000 customers that their information may have been exposed after the company received a ransom note containing the Social Security numbers and prescription records for 75 of its members.
Both companies refused to pay and contacted authorities.
In the past few months, there have been a number of other prominent hacks that involved stealing medical data.
Excellus Blue Cross -- which is based in Rochester, N.Y., -- reported in September that personal information from more than 10 million people may have been taken and that it included names, addresses and Social Security numbers, as well as sensitive medical information.
William Valenti, a physician at Trillium Health, which provides provides primary health care, as well as specialized services for people with HIV/AIDS and those who identify as lesbian, gay, bisexual or transgender, told the Democrat & Chronicle that the hack "prompts us to take another look at the way we handle this information through our electronic records."
In November, OH Muhlenberg LLC reported a breach at one of its hospitals in Greenville, K.Y. In a press statement shared by security blogger Dissent , the health care provider said that the computers that were accessed contained a huge amount of data, including information about diagnoses and treatment.
Last week, HIPAA Journal, which focuses on news related to health care privacy (and was named after the Health Insurance Portability and Accountability Act), reported that a former employee at Children’s Medical Clinics of East Texas took screenshots of records -- including diagnosis information and treatment details -- of a number of the group's 16,000 patients and disclosed them to a third party.
The Identity Theft Report Center reported in January that breaches in the medical/health care industry topped its list of breaches in 2014 with 42.5 percent of the 783 incidents they tracked. The 333 medical/health care incidents affected 8,277,991 records and took place at small health care clinics as well as a diverse group of large organizations, including Novo Nordisk, Tennessee's State Insurance Plan, Touchstone Medical Imaging, the University of California Davis Health System and the Kaiser Foundation Health Plan of Colorado.
For more health news, you can sign up for our weekly newsletter here.