The big news this past holiday weekend wasn't about the weather or beach temperatures. It was about a high-profile hack into celebrity private photos stored in the cloud--most likely Apple's iCloud--and how hackers accessed and posted personal photos of more than 100 female celebrities.
Why does this matter to our readers who are into mobile healthcare? There are two reasons: first, the hack illustrates stored data in a cloud obviously isn't truly protected (and I'm not blaming Apple for the reality); second, it goes straight to the heart of the "what if" scenario regarding confidential healthcare data. What if healthcare data in a cloud is hacked and illegally published? One thing we know for sure is that it would be much more disastrous, compared to photos, for the individual as well as the vendor tasked with protecting such data.
As news reports continue to filter out, it has not been confirmed that the photos were stored in Apple's iCloud and the only indication that Apple's cloud may have been involved is a ZDNet report that Apple confirmed fixing a vulnerability in its Find My iPhone online service. A Wall Street Journal report Monday stated Apple is actively investigating vulnerabilities in its iCloud service.
It's going to take at least a few days for what happened to shake out. But in the meantime we don't need verification to talk about the "what if." Scandalous private photos being published are nothing compared to publicizing health issues that no one else has a right to know about and which could cause a great deal more humiliation and hurt a professional's personal and career life than a nude shot.
It's a critical time to talk about "what if" given Apple's impending official product event next week where the tech titan is reportedly going to announce its first big mHealth wearable, dubbed the iWatch, and possibly provide deeper detail about its data sharing mHealth framework HealthKit.
Privacy and data protection are crucial issues that impact everyone, from consumers to patients, to providers to payers. While smartphone tools and apps are increasingly being used for mHealth tech, the question of where the patient's data will be housed, how will be shared and how will be protected should be front-and-center for everyone.
To that end, Apple--in its revised iOS developer license agreement--has told developers who want to use HealthKit's application programming interface that they will not be allowed to sell "end-user health information to advertising platforms, data brokers or resellers," according to the Wall Street Journal.
Meanwhile, just a few weeks ago Sen. Chuck Schumer (D-N.Y.) called on the Federal Trade Commission to put a new policy in place regarding data sharing among mHealth device and app makers and third parties. The FTC has gone on record stating more regulations are needed but it clearly doesn't want to be the one formulating new rules. That's despite an FTC study that found at least one app vendor sharing personal health data and information with a third-party ad company and users were not aware of the activity.
The celebrity photo cloud hack is truly a big wake-up call that data security must be priority No. 1 as mHealth continues to expand. Just who will be in the forefront in ensuring such a critical element has yet to be determined, but it must be determined soon as it's just inevitable healthcare data will be a hacker's target at some point in the future. - Judy (@JudyMottl and @FierceHealthIT)