Security fears over hospital data
A data protection expert has exposed a lack of security at one of Switzerland’s leading hospitals by hacking into confidential patient files in a matter of minutes.
Michael Böni claims databases at 80 per cent of the country’s hospitals can be cracked using the same computer programme.
Parked in his car outside Zurich University Hospital, Böni – whose experiment was sanctioned by the hospital authorities – used a laptop computer to gain access to hundreds of patient files stored on the intensive care unit’s computer system.
“It was actually quite easy,” Böni told swissinfo. “There was no specialist knowledge necessary and we used some tools that are readily available on the Internet.”
Bruno Baeriswyl, a Zurich-based data protection specialist, told swissinfo that he was not at all surprised by the ease with which security systems had been bypassed.
“What we see here is just the tip of the iceberg,” he said.
“New technologies contain new threats to privacy and data protection. If we don’t get these under control we risk losing our privacy, and sensitive health data will be available on the Internet.”
Patient data
According to Böni, hospitals are obliged by law to protect patient data but simply don’t have the resources to do so.
“Hospitals see the need to do something, but the reality is that a lot of them throughout Switzerland don’t have the funds to conduct these tests,” he said.
“I think that’s one thing politicians and hospital management have to take care of.”
Böni added that the Swiss appeared to place more importance on protecting financial information than medical data.
“The Swiss take great precautions to protect their bank information, and everything to do with money is dealt with at the highest political level,” he said.
“But if it concerns the privacy of people and their personal data, there is not much effort.”
Grave consequences
Baeriswyl agreed that more needed to be done to protect hospitals against hackers, otherwise there could be grave consequences.
“I think people should be concerned. In America you can buy patient data for $50 from information brokers, and I really don’t want this to happen in Switzerland or Europe,” he said.
The Swiss Hospitals Association said it was concerned by the findings but denied that data security was, in general, a serious problem in the country’s hospitals.
“Hospitals are well aware of the problem of data protection,” spokesman Simon Hölzer told swissinfo.
“We have strict internal guidelines to ensure that patient data is not passed to people who have no right to it and to ensure that the terms of the data protection law are adhered to.”
“Everything is being done to ensure the security of data in a world in which technology is advancing constantly,” he added.
swissinfo, Samantha Tonkin and Isobel Johnson
Micheal Böni used a laptop to gain access to hundreds of patients’ files.
Böni says hospitals are obliged by law to protect patient information but don’t have the means to do so.
The Swiss Hospitals Association said it was concerned about the findings but did not think that data security was a big problem.
In compliance with the JTI standards
More: SWI swissinfo.ch certified by the Journalism Trust Initiative
You can find an overview of ongoing debates with our journalists here. Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.