Collecting and Storing Private Data: Limits with No Limits - Security Boulevard

Collecting and Storing Private Data: Limits with No Limits

With big companies entering the healthcare market, the inevitable must be asked: How protected is our private data? What can be done with regards to data privacy and security?

Ten Years from Now …

Ten years from now we could be facing the mother of all data breaches—a scenario not too difficult to imagine in this era of data mining incompetence. Regardless of the ongoing claims from Amazon that the security of its cloud computing platform and S3 (Simple Storage Service) cloud storage network are safe, both experience data breaches on a regular basis. U.S voter records, U.S defense data, SQL databases, Uber user data and Pentagon spy data are just some of the data stored on Amazon’s S3 storage platform.

Ten years from now, what other data will be stored there? With Amazon entering the healthcare sector, a potential future data breach could reveal not only your address and credit card number but also your social security number, sensitive health records and even your complete genome data.


Amazon recently acquired PillPack, a relatively new startup providing home delivery of prescription drugs. PillPack had access to users’ prescription data; now Amazon does. We are all aware of Amazon’s size and power and ambitions for future growth; therefore, it’s not much of a leap to believe that after its acquisition of PillPack it will move to become the world’s largest provider of prescription drugs.

Healthcare Service Without the Middleman

The announcement of Amazon, Berkshire Hathaway and JPMorgan’s joint venture, which aims at providing their employees with lower-cost healthcare services, if taken at face value is awesome. However, launching a company that ignores the middleman (health insurance firms) when negotiating healthcare solutions could lead to a massive $30 billion drop in the stock market value of the 10 largest insurance and pharmacy companies in the world. And what happens when Amazon develops its prescription drug delivery business and takes it to its inevitable next step—a nationwide rollout?

Access to All Public Healthcare Data?

We are easily looking at a time when this joint venture will have access to all of our public healthcare data, and if it follows its regular modus operandi, Amazon will soon offer the cheapest and most user-friendly healthcare option around, pushing other healthcare providers out of existence. This is worrying on so many levels.

First, would Amazon use this data for its own purposes? Yes.

Although there is a law in the United States called HIPAA (Health Insurance Portability and Accountability Act) that prevents companies from selling sensitive patient data to other parties, it was noted in a Wall Street Journal piece that some health records-holding companies could share patient info for marketing purposes with a patient’s consent. If Amazon becomes one of these healthcare companies, it could easily insert this question of consent into the never-read general Terms and Conditions. Combine this data with the other user info Amazon already collects and stores, and we are facing a pretty scary future in which one company knows literally everything about you, from your health to your shopping habits and everything in between.

Second, how safe is all this information?

We know breaches are ongoing. Today a breach in Amazon’s S3 cloud storage could lead to your address being leaked. In the future, such leaks could be detrimental. Your health data is extremely sensitive and should remain private. A future breach of Amazon’s S3 cloud storage could result in very sensitive information going public—names of people suffering from chronic diseases or STDs, angina, diabetes or any number of minor illnesses—leading to a person’s private data being used against them by employers, insurers and society at large.

While Amazon will probably have to keep its drug prescription business separate from its main business to begin with (to prevent the whole company from having to comply with HIPAA), it is not difficult to see a time when this act will be replaced and companies will have the power to combine and use all the data they have, no matter how sensitive. If you think this is farfetched, just look at what Ajit Pai and the FCC are doing with internet rights and online privacy issues. With enough cash to lobby the right people and the current administration’s pro-corporation stance, anything is possible.

Amazon Isn’t Alone

Deep Mind

Recently, Deep Mind (the AI company owned by Google) received access to 1.6 million patients’ healthcare data “from three hospitals run by a major London NHS trust.” The data will be used to create new AI-assisted techniques that should help medical workers to treat patients. We are told that our data is encrypted and secure, yet somehow Google managed to use it to send me personalized ads! A company that already knows a staggering amount about its users will in the future know even more.

Google Healthcare and Google Genomics

Google Healthcare and Google Genomics say they collect health data to come up with more efficient ways to diagnose patients and offer more benefits to health workers, by utilizing AI-powered services. The cost of this?  Well, Google will have the health and genome records of everyone using their health services. Talk about a scary future—Google will know you online and in the real world. No privacy, no anonymity, no security.

The aim of both companies is hosting human genome records in the cloud, offering universities and genomic companies free cloud storage for their data. The ultimate goal of all genetic researchers is to collect the genome of every human on the planet, and this data has to be stored. Amazon and Google are poised to do just that. And, while creating a planetwide genome record could prove to be tremendously important for improving our health and providing better medication and treatments for various diseases, the fact that these records will be given to Google and Amazon for safekeeping could prove to be catastrophic.

Conclusion (Questions Remain)

What should we do? What road should we follow? What road will they follow? How do we protect our genomic data, our medical data? We are our data and our medical data is us, but as we move toward the future, the respect and worth afforded to human life is diminishing at an alarming rate. While at the same time the worth of our data to companies such as Google and Amazon is growing at an alarming rate. The future seems bleak; money will ensure that fewer protections will be put in place and the boundaries needed to keep us, our data and our privacy safe may be lost in the mists of time. In Hitler’s first address to the Reichstag, he stated, “The individual was nothing without the state.” Are we facing into a future where the individual will be nothing without Amazon and Google?

Aigerim Berzinya

Featured eBook
7 Must-Read eBooks for Security Professionals

7 Must-Read eBooks for Security Professionals

From AppSec to SecOps, Security Boulevard eBooks deliver in-depth insights into hot topics that matter to the Cybersecurity and DevSecOps professionals. Our staff of writers are the best in the business, with decades of practical and award-winning experience and credentials. We are excited to share our 2019 favorites. Take a look and download some of ... Read More
Security Boulevard

Aigerim Berzinya

Aigerim Berzinya is the Marketing Director at Turtler GPS Ltd. and as the company's globetrotting backpacker uses the app while hiking abroad or in the mountains to stay connected and safe. She has Master`s Degree in Social Sciences. Aigerim worked for QSI International School of Astana for 5 years. Her hobby is playing piano, hiking and reading books.

aigerim-berzinya has 1 posts and counting.See all posts by aigerim-berzinya