Slashdot Mirror

← Back to Stories (view on slashdot.org)

Delving Into Google Health's Privacy Concerns

Posted by Soulskill on from the you-can-trust-us dept.

SecureThroughObscure writes "Security researcher Robert 'RSnake' Hansen discusses numerous concerns with Google's new Google Health application, which aims to integrate user's medical records online. We discussed Google Health's opening to the public earlier this week. RSnake mentions that Google has found a loophole allowing them to provide this service without having to follow HIPAA regulations, which, combined with Google's track record of having numerous flaws leading to private information disclosure, draws serious concern. Security researcher Nate McFeters of ZDNet's Zero-Day Security Blog also commented on the article, mentioning several past vulnerabilities: ownership of content issues, Google Docs theft, a cross-domain hole, Google XSS, and a Google Picasa protocol handler issue leading to the theft of user images. He and fellow researcher Billy Rios disclosed these issues to Google, including the ability to steal GMail contact list information. McFeters says it's likely that similar unpatched bugs would allow an attacker to view medical records if a user was also using Google Health. Both McFeters and Hansen tend to agree that Google's vulnerability disclosure/notification is non-existent and really needs to be improved. Currently, Google does not report vulnerabilities it has fixed to its user base, for the obvious reason of trying to hide the fact that user data could have been stolen."

5 of 121 comments (clear)

  1. But think of the benefits... by Anonymous Coward · · Score: 5, Funny

    When you get syphilis all the websites you visit will be carrying convenient advertisements for the necessary treatments.

    1. Re:But think of the benefits... by Anonymous Coward · · Score: 1, Funny

      "When" I get syphilis?!? I'm asexual you insensitive clod!

  2. Loophole? by jeiler · · Score: 5, Funny

    Google has found a loophole allowing them to provide this service without having to follow HIPAA regulations

    So the only thing protecting personal health information at Google Health is internal policy and "Don't be evil"? I guess that means they'll protect your PHI--as long as you're not a dissident in China.

    --

    If you haven't been down-modded lately, you aren't trying.

    Sacred cows make the best hamburger.

  3. Google managing my medical records? by prxp · · Score: 2, Funny

    I'd rather die.

  4. Re:Not me by larry+bagina · · Score: 2, Funny

    Says the guy posting under a fake name, not revealing his email address.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.