The Sony Pictures Entertainment hack was embarrassing and potentially harmful to employees whose Social Security and credit-card numbers were stolen. Yet the level of harm caused by a different kind of cyberpilfering could be much more damaging: the theft of sensitive online personal information, such as medical histories, specific health-care treatments and personal-leave details.
A stolen credit card can be canceled, as Jim Routh, Aetna's chief information security officer, pointed out. Erasing traces of your medical history once it's online, though, is much harder. What's troubling is that despite the volume of sensitive data health-care companies hold, they lack the robust security you might expect.