"Anonymised" health data vulnerable to reidentification

In 2015, researchers at Harvard University found vulnerabilities in the anonymisation procedures used for health care data in South Korea that enabled them to de-anonymise patients with a 100% success rate and to decrypt the Resident Registration Numbers included with prescription data relating to deceased South Koreans. The unique 13-digit codes enabled full reidentification. In the UK, medical information is held on the NHS Personal Demographics Service is identified by the patient's ten-digit NHS number. In the UK, Cambridge University security engineer Ross Anderson noted that the problem is that 800,000 NHS employees need access to the PDS; Hampshire GP Neil Bhatia agreed that the large number of users means that access can't be audited or controlled and relies on trust.

https://www.theregister.co.uk/2015/10/02/s_korean_anonymised_health_data_sharing_a_breach_in_waiting/

Writer: Alexander J. Martin
Publication: The Register