March 30, 2004 2:11 PM

Just, plain, scary
Posted by at 2:11 PM

Tax filings, income figures and social security numbers. Sensitive financial data and account numbers. Medical records. Scads of personal information. To some degree this kind of information has always been "out there" for anyone intelligent enough to find it, or willing enough to pay for it. But as other businesses (beyond IT) offshore this kind of data, a dangerous, new privacy risk is emerging, opening the door to identity theft, fraud and other criminal activities.

Lubna Baloch sat in her office in the sprawling Pakistani commercial center of Karachi and gazed at the e-mail she'd composed. She tried to imagine the reaction half a world away when the people at UC San Francisco Medical Center saw what she'd written.

The famous U.S. hospital would have to take her seriously, Baloch knew, when it realized she was prepared to post its confidential patient records on the Internet. That is, unless UCSF helped her get the money she was owed from the mysterious Tom Spires, her link in a long chain of medical transcription subcontractors.

"Your patient records are out in the open to be exposed," Baloch wrote in her e-mail, "so you better track that person and make him pay my dues or otherwise I will expose all the voice files and patient records of UCSF Parnassus and Mt. Zion campuses on the Internet."

Then the kicker: "Just to make you believe that I am not bluffing I am attaching latest voice file and text of your hospital." Baloch had included private discharge summaries for two UCSF patients.

She clicked the send button on her computer screen.