(Bloomberg) — Documents stolen from Sony Corp. by hackers include detailed and identifiable health information on more than three dozen employees, their children or spouses — a sign of how much information employers have on their workers and how easily it can become public.
One memo by a human resources executive, addressed to the company’s benefits committee, disclosed details on an employee’s child with special needs, including the diagnosis and the type of treatment the child was receiving. The memo discussed the employee’s appeal of thousands of dollars in medical claims denied by the insurance company.
See also: Remember… HIPAA privacy?
Another document leaked in the hack is a spreadsheet from a human resources folder on Sony’s servers that includes the birth dates, gender, health condition and medical costs for 34 Sony employees, their spouses and children who had very high medical bills. The conditions listed include premature births, cancer, kidney failure and alcoholic liver cirrhosis. The document doesn’t include employees’ names.
A Sony spokesperson didn’t respond to a request for comment.
The health documents are part of a devastating computer attack on the company’s Culver City, Calif,-based unit Sony Pictures that sent thousands of files circling the Web between various file-sharing sites used by hackers. The information revealed has included the salaries of thousands of employees and e-mails taking shots at President Barack Obama and at Hollywood stars like Angelina Jolie. The release of the health information could be some of the most damaging material, said Deborah Peel, director of Patient Privacy Rights, a non-profit group.
The Health Insurance Portability and Accountability Act (HIPAA) privacy provisions impose tough data security and privacy rules on employers and other organizations with access to individuals’ health information.
“This stuff will haunt all those people the rest of their lives. Once it’s up on the Internet it is up in perpetuity,” Peel said.
“This is a thousand times worse than that other stuff,” she said, referring to salary information and personal e-mails. “Health information is the most sensitive information about you.”