The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records.
This move will have one effect: expanding attackable surface and creating a new vector for fraudsters to attack. That should be enough to give pause, but there is more. While it is intended to simplify patients’ hospital visits, it would also give the tech giant access to millions of new potential customers, and, with that, their most sensitive personal information. That is no small ask on the part of Apple.
Apple has been allowing patients to import and store patient information since January. The move sets up a classic conflict: convenience versus privacy. The software currently being developed by Apple, a company that has advocated strongly for consumer privacy, will let nine million veterans transfer their health records to iPhones.
Maybe it’s because I write about cybersecurity, but the first thought that comes to mind for me is a question: What if something goes wrong?
While the desire to increase convenience to our veterans seeking health care is an admirable goal, the perils of moving such vast amounts of incredibly sensitive information around is daunting.
The last thing we want to do for those who have served our country and need health care services is to put them in a position to require data breach remediation.
The kinds of information that this proposed system will be trafficking in can, if exposed, ruin careers and cause myriad other kinds of harm not easily undone. As the military considers the next steps, the marching orders here should be, “baby steps.”