A private clinic holds a substantial record on the principal: history, diagnoses, treatments, contact details, often payment information and family relationships. The clinic's systems are breached, at some point, in line with the rate of breaches in the wider healthcare sector. The record surfaces in places no one would expect: forums, secondary data markets, the negotiating leverage of a sophisticated extortion attempt.

This category of exposure is more sensitive than most. Medical information shapes how a person is perceived, how they are insured, how they are written about, and how they are approached by parties who wish to manipulate them. The principal whose medical record sits in a breached file is not always told; the data circulates for years before any consequence.

The work is partly choice of provider (clinics with serious security practices, willingness to limit the data retained, clear policies on breach disclosure) and partly compartmentalisation across providers (no single institution holds the whole picture). It is also about the records the principal contributes through their own use of consumer health applications, which are often the leakiest part of the picture.

What is presently knowable can be read. What follows is a matter of considered judgment.