Triple-headed NHS privacy scare after hospital data reach marketers, Google

The UK's National Health Service (NHS) and the NHS Information Centre are riding out a three-pronged privacy storm. The first privacy incident starts with this PA Consulting document titled “Placing the patient at the centre of healthcare: PA report on the future of healthcare.” On page eight, a section titled “The cloud can …

COMMENTS

This topic is closed for new posts.
  1. David Glasgow

    What has it got on its serverses?

    It's mines. Nasty dirty NHSICes. Master tricked us, nasty tricksy NHSICes.

    But NHSICes is kind, and wants best for us, makes us all more healthy helps research

    NO. They messes it all up. Master will sell us all and they don't know their arses from their elbowses.

    STOP IT NOW!

    1. Anonymous Coward
      Happy

      Re: What has it got on its serverses?

      Can you do that again as Yodo?

      1. Anonymous Coward

        Re: What has it got on its serverses?

        In all seriousness, I wonder if they'd be able to get Google to tell them exactly where in the world the data was stored, and where BigTable ran? If the answer to both is "in the UK," then what's the problem?

        1. Anonymous Coward

          Re: What has it got on its serverses?

          The problem is that Google has access to the data; any use of public cloud for personal data such as this should be punished.

        2. Pseu Donyme

          Re: What has it got on its serverses?

          >... then what's the problem?

          Maybe that the data was supposed to be strictly confidential, accessible to named individuals within PA Consulting only? Instead, a company with the business model - in essence - of violating privacy for profit on a massive scale was given a copy. It does not help that Google fancies that the EU data protection law does not apply to them (on record, no less: http://www.cnil.fr/linstitution/actualite/article/article/google-failure-to-comply-before-deadline-set-in-the-enforcement-notice/).

          1. Matt 21

            Re: What has it got on its serverses?

            It's also a stupid mis-use of technology. Uploading the data into a local SQL server should always be quicker than sending the same data over the internet, unless you are particularly stupid.

            1TB isn't a lot of data these days and while I'm not a big fan of MS SQL server, queries should easily run in an acceptable time on a 1TB data set. It sounds to me like the person doing the work didn't know what they were doing with SQL server but had a friend at Google. I wouldn't be too fussed if it wasn't for the privacy concerns.

            There are loads of Data Warehouse products out there, like Sybase IQ which can run these types of queries in seconds and don't require you to send your data to some dodgy location like Google.

            1. Anonymous Coward

              Re: What has it got on its serverses?

              SQL server? That MS thing? Well, it's getting there. It still sucks compared to SQLite. JK. Any local DB server should be faster to dump data into than uploading it to... wait a second, maybe they were on site. The plot thickens!

        3. Anonymous Coward

          Re: What has it got on its serverses?

          @theodore Google don't have any data centres in the UK do they? (http://www.google.com/about/datacenters/inside/locations/index.html)

        4. This post has been deleted by its author

      2. DavCrav

        Re: What has it got on its serverses?

        "Can you do that again as Yodo?"

        Computerisation of health records leads to big data.

        Big data leads to cloud.

        Cloud leads to suffering.

        Not quite as snappy as the original.

  2. Lewis Paragraph

    HES Data

    As far as I know, HES Data is publicly available to anyone who wants access to it from here http://www.hscic.gov.uk/hesdata

    1. Andy Gates

      Re: HES Data

      Various analyses and extracts are. I bet they'd look at you funny if you said "giz the lot".

      1. Anonymous Coward

        Re: HES Data

        On current form they'd say "Twenty quid the lot mate" and chuck in a year's subscription to Data Pimp Monthly.

  3. frank ly

    Placing the patient at the centre of healthcare

    It's actually "Placing the patient at the centre of the feeding trough."

  4. Will Godfrey Silver badge
    Unhappy

    Not surprised

    Annoyed - yes, but not surprised.

  5. This post has been deleted by its author

  6. MrXavia
    Facepalm

    Summary Care Record? Brill Idea... Sharing that data? moronic.....

    As always the government have to balance a good idea with something very stupid.

    The idea of a single record for each patient is brilliant, no more will I have to waste time confirming information every time I go for a scan or similar, they can even have my DNA and fingerprints if that will help with my care...

    BUT if you share that data with private companies? No thanks, that is idiotic.. Allowing any public cloud services to be used is even dumber, oh no one at Google has access? Sure... it's not like the data is encrypted with external keys is it?

    I assume I am able to ask who accessed my records, when and why?

    1. Will Godfrey Silver badge

      Re: Summary Care Record? Brill Idea... Sharing that data? moronic.....

      Actually no.

      I do want someone to confirm my name, address, etc. every time I go for a hospital appointment. I really, really don't want a flip of a digit to result in me having a leg amputated instead of a cyst removal.

      Also, the more varied and different parts there are to your overall ID, in totally different locations (preferably some of them paper) the harder it is for anyone to fake it.

    2. Anonymous Coward

      Re: Summary Care Record? Brill Idea... Sharing that data? moronic.....

      think you'll find the every doc taking a history at each initial consultation.

  7. Piers
    FAIL

    Sysadmins...

    > "that no Google staff would be able to access the data"...

    This just goes to show that they *really* have no idea what they're talking about. Of *course* Google staff have access. They have access to *all* data on their servers! Not all staff, but the sysadmins do.

  8. wyatt

    So we're screwed whatever happens with the Care Data then? Confidential information has already been released by hospitals and is being ingested by Google. I'm sure they're able to mine it for their own use whenever they want. Nothing to say they aren't already and are storing the results to save themselves time when they have 'permission' to do so.

  9. Infernoz Bronze badge
    Facepalm

    Damned easily predictable

    I knew this would happen, these morons can't help themselves; this is why I opted out of care.data!

    1. JohnMurray

      Re: Damned easily predictable

      Except that your data will be extracted along with everyone else's.... if you are lucky your dissent for use of and dissent from disclosure for codes will take effect after that. However, it is guaranteed that if a large number of opt-outs happen, and they are sufficient to materially affect the data adequacy, the codes will be legislated away.

      Nothing is more temporary with gov data than confidentiality.

  10. RyokuMas
    Black Helicopters

    Healthcare information stored on Google?

    Well, shit. Welcome to Google Britain! As of now, we are part of the collective - every mother-to-be's records will be on Google, ergo Google will have complete records on every child from before they're even born.

    Add this to Google glass - probably with an addition of transmitting audio as well as visual data back to base - and we're watched, monitored and profiled from cradle to grave, with Google in a position to push us onto whatever path they choose.

    This kind of power is dangerous beyond the comprehension of most and needs to be broken before it's too late - if it isn't already.

    1. Zog_but_not_the_first
      Big Brother

      Re: Healthcare information stored on Google?

      In the 1930s "Your papers!" In the near future "Why aren't you wearing your Google glasses?"

    2. JohnMurray

      Re: Healthcare information stored on Google?

      Oh look...my house on google earth now has my NHS number by its side....and I just click on it to find my appointment for the GUM clinic..

  11. Joe Montana

    Access to data

    "no Google staff would be able to access the data"

    WTF? Of course they would! How naive are people?

    Just because no member of Google staff would have an account on the frontend application that's typically used to access the data, doesn't mean they don't have administrative access to the underlying server on which the data is stored or even physical access to the servers/drives it's stored on.

    It is obvious that any number of google staff could gain access to the data if they wanted to, and to claim otherwise is ridiculous.

    1. Anonymous Coward

      Re: Access to data @Joe Montana

      WTF

      So you are assuming that both the data and database tables are unencrypted?

      There is no mention of this in the article.

      1. Anonymous Coward

        Re: Access to data @Joe Montana

        @Amiga500

        If they were working on an encrypted dataset, they wouldn't be able to do any analysis using Google's analytical tools (they're tailored to work with big datasets- if you only decrypted part of the dataset at once, you'd have a large number of small datasets).

        1. Anonymous Coward

          Re: Access to data @Joe Montana

          There is also no mention of any Third Party assessment (Google). You will probably find that Google take their security more seriously than the NHS. The NHS has an awful track record of data loss and breaches, and I would suggest that there would be more access to this data from the NHS than by Google as some are suggesting here.

    2. Guus Leeuw

      Re: Access to data

      Dear Mr Montana,

      may I be so free and correct a common misunderstanding that I see very often nowadays? Thank you.

      And I quote "underlying server on which the data is stored or even physical access to the servers/drives it's stored on". That's the whole point of storing data on the cloud: There's no underlying server, which is not even physical, and therefore can't be physically accessed.

      Oh... See how easy it is to pretend that I could work for the government... Cranking stupidity is far easier than cranking up intelligence... But nowadays even stupid people must somehow be able to survive, even if they are clearly not the fittest :D :P :O

      Now, as far as Google Admin access is concerned: All you nitwits who assume that one Admin goes in and mines the data... *FAIL* The point here would be that a Google Admin can create a backdoor into the data because (s)he has access as a privileged user to the virtual(!) server the data sits on. Through the thusly tampered backdoor, Google advertising experts can then mine the data for purposes of displaying adverts to patients undergoing surgery via a beamer mounted on the surgeon's back, and pointing to the ceiling....

      Oh and never mind the rant about the encrypted data. Imagine this: Google has more than 1 server. In fact, they have more than 100 servers. Some of them are operated in such a way that they can spawn hosted virtual servers at the click of a virtual button. So then, imagine Google (or more likely a rampant Googler) ramps up say 1000 virtual servers. That Googler knows how to parallelize workloads and runs a decrypt attack on your stale but encrypted data. The Googler soon finds out that 1000 is not enough, and employs a 1000 instances at the premises of competitioned giant Amazon. Et voila: 2000 servers working together on cracking your uhm our data.

      So... go THINK before you burn down some commentary... Oh yeah: The first part of this post is uhm sarcastic?!

      Regards,

      Guus

      1. Anonymous Coward

        Re: Access to data

        So you would pay for a service then the service provider would use all its computing power to work to crack your encryption.

        I think you are right there are no physical servers in the cloud

        The second part of my post is sarcastic

  12. Anonymous Coward

    PA Consulting, haven't they been in the headlines (a few times) for data breaches?

    Regarding Earthware's map;

    a/ it was not false data thus it was taken down, or

    b/ it revealed just how much scary shit they could do with your information

  13. John Smith 19 Gold badge
    Gimp

    TL:DR version. US company +US data centres gets *all* NHS Hospital data.

    THE PATRIOT Act then makes any notion of privacy absurd.

    1TB of data sounds a lot but I wonder.

    How many servers? How many processors? How many predefined indexes? How much disk for the indexes?

  14. Anonymous Coward

    Follow Ross Anderson's dealings too

    Professor Ross Anderson from Cambridge Uni is also very active in this matter. Follow his posts on the Light Blue Touchpaper blog

    http://www.lightbluetouchpaper.org/

    and his very interesting FOI exchanges with the MHRA, in which they are displaying real ignorance of the issues involved.

    https://www.whatdotheyknow.com/request/privacy_mechanisms_in_cprd

    1. Anonymous Coward

      Re: Follow Ross Anderson's dealings too

      had to laugh at that:

      Anderson to hsick "what are your threat- and security models?"

      hsick to Anderson "we don't understand what you mean by threat model and security model, please elucidate"

      honestly. I mean wtf?

      Anderson then told them to get a copy of his book!

  15. kiwimuso
    Joke

    pseudonymised?

    "The NHS Information Centre (NHS IC) signed an agreement to share pseudonymised Hospital Episodes Statistics data with PA Consulting in November 2011."

    Did someone mis-spell sodomised?

  16. Cyrinic

    Oh dear HSCIC.

    They can't even handle their website, I don't trust them to handle our data.

    https://dl.dropboxusercontent.com/u/17978475/lolwat.png <- screenshot taken at 11:28am.

  17. foo_bar_baz

    "Target health improvement"

    "identify trends and patterns in order to target health improvement more effectively"

    What they mean is target their advertising. Another marketingspeak win.

  18. David 138

    meh

    A Google engineer is probably more trustworthy than any PR company and 99.9% of the entire civil service.

    1. John Smith 19 Gold badge
      Joke

      Re: meh

      "A Google engineer is probably more trust worthy than any PR company and 99.9% of the entire civil service."

      So about 0.01% as trustworthy as a normal human being?

      Some days it's just too hard to pass them up.

  19. Graham Marsden
    Facepalm

    Hanlon's razor...

    "Never attribute to malice that which is adequately explained by stupidity."

  20. nsld
    Black Helicopters

    Let's look at the real reasons behind this

    PA consulting are a front for this, they get the data onto a US company's servers, get well paid and take some flak for it.

    Meanwhile the NSA using the patriot act can now access all that information and do as they wish with it before passing the results back to GCHQ.

    So the government can analyse all this juicy data without the need for any legal oversight, warrants etc etc.

    A year ago this would have been a tin foiled hatted conspiracy theory, today it's a different story.......

    1. Anonymous Coward

      Re: Let's look at the real reasons behind this

      indeed, plenty of scope for blackmail there. looking on the bright side, a few politicians might cop for some unintended consequences.

  21. Anonymous Coward

    Keep digging

    No doubt there's going to be a lot more (and a lot murkier) where this came from. That 'six months' delay is already starting to look very, very optimistic; a couple of wrong footed appearances on Newsnight and Care.data will head the way of ID cards and the Dodo.

    1. John Smith 19 Gold badge
      Unhappy

      Re: Keep digging

      "That 'six months' delay is already starting to look very, very optimistic; a couple of wrong footed appearances on Newsnight and Care.data will head the way of ID cards and the Dodo."

      We can hope.

  22. miket82

    UK cloud and Google

    I stick my data on the cloud and it's not leaving the UK. So, the NSA and GCHQ are not interested? The only sure way of it not going where the sun don't shine is not connect to the web. Simples.

  23. Afflicted.John

    Anonymised data - why the problem

    This data cannot be used to identify you. It does not contain details about who you are or where you live. Your record is reduced to an unidentifiable number.

    So why the concern?

    1. foo_bar_baz

      Re: Anonymised data - why the problem

      It's not anonymised. It's "pseudonymized". Experience has shown that such data is vulnerable to inference attacks. You can take "cleaned up" data and either process it or combine it with other data sources to infer the missing parts.
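
The linkage risk foo_bar_baz describes can be measured before a dataset is released. The following Python sketch is an added example, not part of the original thread and not NHS or HSCIC code: it counts how many records share each combination of quasi-identifiers (k-anonymity) in a constructed extract, then generalises and suppresses rows until every remaining record shares its combination with at least one other. Field names and rows are assumptions.

```python
from collections import Counter

# Constructed sample rows (not real data). "pid" is the pseudonym; the other
# fields are quasi-identifiers. All field names here are assumptions.
EPISODES = [
    {"pid": "a91f", "postcode": "LS6 2", "birth_year": 1948, "sex": "F", "admitted": "2011-03-14"},
    {"pid": "9d3e", "postcode": "LS6 2", "birth_year": 1948, "sex": "F", "admitted": "2011-03-14"},
    {"pid": "07c2", "postcode": "LS6 3", "birth_year": 1943, "sex": "F", "admitted": "2011-03-29"},
    {"pid": "e5d0", "postcode": "LS6 2", "birth_year": 1971, "sex": "M", "admitted": "2011-05-02"},
    {"pid": "3b88", "postcode": "LS6 1", "birth_year": 1975, "sex": "M", "admitted": "2011-05-20"},
    {"pid": "c41a", "postcode": "YO1 7", "birth_year": 1990, "sex": "F", "admitted": "2011-05-02"},
]
QUASI = ("postcode", "birth_year", "sex", "admitted")


def class_sizes(rows, keys=QUASI):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in keys) for r in rows)


def k_anonymity(rows, keys=QUASI):
    """Smallest equivalence class; k == 1 means at least one row is unique."""
    return min(class_sizes(rows, keys).values())


def at_risk(rows, k=2, keys=QUASI):
    """Pseudonyms whose quasi-identifier combination is shared by fewer than k rows."""
    sizes = class_sizes(rows, keys)
    return sorted(r["pid"] for r in rows if sizes[tuple(r[q] for q in keys)] < k)


def generalise(row):
    """Coarsen to postcode area, 10-year birth band and admission month."""
    return {**row,
            "postcode": row["postcode"].split()[0],
            "birth_year": row["birth_year"] // 10 * 10,
            "admitted": row["admitted"][:7]}


def release_candidate(rows, k=2):
    """Generalise every row, then suppress rows that are still below k."""
    coarse = [generalise(r) for r in rows]
    risky = set(at_risk(coarse, k))
    return [r for r in coarse if r["pid"] not in risky]


if __name__ == "__main__":
    print("raw k:", k_anonymity(EPISODES), "unique:", at_risk(EPISODES))
    released = release_candidate(EPISODES, k=2)
    print("released rows:", len(released), "k:", k_anonymity(released))
```

A passing k only covers the fields listed in `QUASI`; clinical fields such as diagnosis or procedure codes can narrow a group further and need the same treatment.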

      1. Juillen 1

        Re: Anonymised data - why the problem

        Except aggregate data isn't susceptible to inference attacks. Only the per-patient data, which isn't included in that dataset.

    2. kiwimuso
      Devil

      Re: Anonymised data - why the problem

      "So why the concern?"

      'If' the data is not intercepted by other agencies, 'if' the data is not able to be processed and identified as outlined by a previous poster, and 'if' that's all that happens to the data, then there is no concern.

      Rather big 'ifs' though don't you think?

      Also the thin end of the wedge. As we know from past experience, there is ALWAYS scope creep.

      Bottom line, while the original scope of these systems is intended to be a 'good thing' it only takes one unscrupulous bastard to use it for their own benefit - power!

      Best not to give the bastards the chance.

      Oh, but I forgot, it's for our 'own' benefit. It always is. Don't argue.

  24. hapticz

    omg, now someone knows!

    a leak here, a leak there, and soon there's enough dribbles and drops of data to derive a fleck of profit from it by some cretinous unsavory profiteering businessman/criminal. of course, a fleck off a few terabytes can be substantial enough to jump from a flat to a semi attached in just short of a few years time too!! gotta love the cloud, it rains so many opportunities down upon the wretched.
