Last week the Internet technology community experienced a true bombshell. Twitter, a darling of the media, a star of Silicon Valley, a poster child of cloud computing, has been hacked. The company's secrets have become public.
I am not going to rehash the details of the story, broken and thoroughly covered by TechCrunch (In Our Inbox: Hundreds Of Confidential Twitter Documents). Nor will I dive into the substance of the documents released, though they are truly worthwhile reading. I would like to highlight how exactly Twitter was hacked and how the same thing could happen to your medical records.
Let us thank Hacker Croll for sharing the details on his break-in!
After receiving the confidential documents from the hacker, TechCrunch offered him an opportunity to explain how he managed to pull off his break-in. The result is a rather long post outlining the step-by-step process of finding and exploiting the security holes: The Anatomy Of The Twitter Attack. If you have time, it is very worthwhile reading. Here I will just summarize the basics.
Humans are usually the weakest link in any secure system
If you store documents in a collaborative online environment, all it takes to gain a foot in the door is to find one individual using a weak password. How weak can a password be? In the case of Twitter, one of the individuals with access used the word "password" as a password. An automated password-guessing program can quickly run through a list of common "weak" passwords and find the one that matches.
Once a hacker has a "foot in the door" by compromising, say, your Google account, they are going to find *LOTS* of different services accessible through the same login. Your Gmail or Google Docs got broken into? Well, now they can do anything they want with your Google Health too! If your email or documents store other logins and passwords (can you remember them without saving them somewhere?), those can be swiped and used to deepen the breach. A small breach can set off a cascade of dominoes because of shared and interlinked online accounts.
TechCrunch summarizes the steps involved (HC = Hacker Croll):
- HC accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account; he simply registered it, clicked the link and reset the password. Gmail was then owned.
- HC then read emails to guess what the original Gmail password was successfully and reset the password so the Twitter employee would not notice the account had changed.
- HC then used the same password to access the employee’s Twitter email on Google Apps for your domain, getting access to a gold mine of sensitive company information from emails and, particularly, email attachments.
- HC then used this information along with additional password guesses and resets to take control of other Twitter employee personal and work emails.
- HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy.
- Even at this point, Twitter had absolutely no idea they had been compromised.
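The domino chain in the steps above can be modelled as a graph of accounts and the takeover hops between them, so a defender can see which single account has the largest blast radius and which control actually shrinks it. This is an added example, not code from the post or from TechCrunch; the account names are taken from the steps, but which mechanism (recovery link, password reuse, stored credentials) linked each pair of real services is a constructed assumption.

```python
from collections import deque

# Constructed account graph modelled on the chain described in the steps.
# graph[A] lists (B, how): controlling A lets an attacker take over B because
#   "recovery": B emails its password-reset link to A
#   "reuse":    B accepts the same username/password as A
#   "stored":   credentials for B sit in plaintext inside A (mail, docs)
# Which mechanism applied to which real service is an assumption here.
ACCOUNT_GRAPH = {
    "hotmail(expired)": [("gmail", "recovery")],
    "gmail": [("google-apps", "reuse"), ("amazon", "reuse"), ("itunes", "reuse")],
    "google-apps": [("att", "reuse"), ("mobileme", "reuse"), ("godaddy", "stored")],
    "itunes": [("credit-card", "stored")],
}

def blast_radius(graph, start):
    """BFS from one compromised account; returns {account: path of (account, how) hops}."""
    reached = {start: []}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt, how in graph.get(cur, ()):
            if nxt not in reached:
                reached[nxt] = reached[cur] + [(nxt, how)]
                queue.append(nxt)
    del reached[start]
    return reached

def ranked_weak_links(graph):
    """Accounts sorted by how many others fall if they do; fix the top ones first."""
    nodes = set(graph) | {b for edges in graph.values() for b, _ in edges}
    return sorted(((len(blast_radius(graph, n)), n) for n in nodes), reverse=True)

def harden(graph, account, *, mfa=False, unique_password=False):
    """Return a copy of the graph with the hops a control removes: MFA on `account`
    blocks every takeover hop into it, a unique password only the 'reuse' hops."""
    out = {}
    for src, edges in graph.items():
        out[src] = [(dst, how) for dst, how in edges
                    if not (dst == account and (mfa or (unique_password and how == "reuse")))]
    return out

if __name__ == "__main__":
    before = blast_radius(ACCOUNT_GRAPH, "hotmail(expired)")
    print(f"{len(before)} accounts fall from one expired recovery address")
    print(ranked_weak_links(ACCOUNT_GRAPH)[:3])
    print(len(blast_radius(harden(ACCOUNT_GRAPH, "gmail", mfa=True), "hotmail(expired)")), "after MFA on gmail")
    print(len(blast_radius(harden(ACCOUNT_GRAPH, "gmail", unique_password=True), "hotmail(expired)")), "with only a unique gmail password")
```

Note that a unique Gmail password alone leaves the blast radius unchanged in this model, because the entry hop was the recovery address, not password reuse; MFA on the hub account is what cuts the chain.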
Now, how could similar "magic" work on your medical records?
Say you created a Google Health record and shared it with several physician offices and hospitals. Consider that each of these providers would have a number of employees with access. Now imagine that "Esther the Administrator" picked the word "password" as her Google password. Then consider that your own personal Google account could also be used for business document sharing. Anyone with access could be the weak link and let the wolves in. A compromised "hub account" (think of a provider's employee with access to thousands of online patient records) could lead to a truly massive breach. The more you take advantage of the benefits of online PHR collaboration, the higher the security risk you are running.
Ironically, PHR services may be less secure than legacy EMR systems
Why is that? Because unlike cloud-based services, legacy systems had to pass muster with HIPAA security rules. The siloed nature of legacy systems (lack of single sign-on and collaboration) makes it harder for a breach to spread. Given that access is usually restricted to the inside of the firewall, there is an extra hurdle for hackers. Shared PHR services have none of these defenses. Still, why have we not seen any high-profile PHR breaches? I would guess the reasons are simple: not enough adoption and not enough users. If PHR takes off, hackers will follow.
Has the future of PHR in the cloud become just a bit more cloudy?
Hey, that's wonderful information and I appreciate your work. I always believe that we should share these types of useful and informative articles so that all the people can increase their knowledge and can solve their problems.