The state of medical privacy has become quite appalling lately. I started using a young doctor in a new office and they are gung ho on modern tech. That’s fine to some extent but they want to send me invoices and all correspondence via e-mail. No PGP of course. I did an MX lookup on their vanity email address & it resolves to an MS Outlook server.
I asked them for my test results. They offered to email them.
My response: I do not want sensitive medical info coming by e-mail via Microsoft’s servers. I did not give you a copy of my email address for that reason. It needs to be snail-mailed to me.
Perhaps of greater concern is that the receptionist acted like I am making an unusual request, and that they do not mail things. Apparently I am the only patient who has a problem with sensitive medical info going to Microsoft. So the receptionist is investigating whether she can get approval to mail me my results by post.
I wonder if someone in that clinic will have to run out and buy stamps because I have a problem with Microsoft.
O365 is not the security issue you think it is.
I would be far more concerned with the staff getting social engineered and data extracted from their practice applications which are known to be horribly unsafe and staff under trained in PII handling.
I’m not sure you understand. When you say “O365”, that implies desktop apps. When I say I did an MX lookup, that means the MX server is (foo).mail.protection.outlook.com, which means the email traverses MS assets in the clear regardless of what software they use. FWIW, unrelated, it’s notable that o365 was studied¹ by the Dutch gov and found² to violate GDPR due to telemetry data kept in the US.
WTF? Office 365 is run on Azure. You might want to look up their LATEST hack from a few days ago, and then keep reading about all the other times they have been hacked.
It’s not, but it’s also the same risk for any email server. Email is not a secure transport and should not be used for this type of information, no matter who the providers are.
Email providers are not equals. W.r.t. the infosec nuts and bolts, sure it’s the same disclosure. But to say that the risk is the same for a giant surveillance advertiser who has mastered exploiting the data as the risk would be to a provider like Disroot is grasping. It neglects the trust factor. Both instances require trust, but in the case of MS that trust is unobtainable.
Threat models matter. Mass surveillance is in my threat model (and it should be in everyone’s). A small email provider looking to secretly target me is not in my threat model.
Microsoft profiting from my data (even if not sensitive) is also a problem for me. I do not email any MS user for any reason because I boycott MS. That’s not an infosec move but an activist move to not feed a pernicious giant.
While you aren’t wrong about the threat model, you do have to be clear with them that email isn’t an acceptable transport in any way for sensitive data. Email is an inherently insecure model, and anyone in the middle of the conversation can read that traffic. It doesn’t have to be a malicious email provider, just someone with access to a transit network.
I think you’re saying this because I have no way as a sender or recipient to ensure or verify TLS is in play at every hop, correct? Otherwise, if TLS is in force by both providers then I would only expect the email providers (and their hosting providers) to have access.
Yes, that’s exactly correct.
Have you heard of SMTPS or STARTTLS?
I’ll take two things no one is using for 100, Alex.
Loads of people are using it. Most people do but it’s not enforced. If I poison the opposing MTA’s DNS I can bypass it.
If Google and MS don’t then it doesn’t matter.
Yes, and while its use is common, it’s not mandatory.
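Added example, not part of the thread: a Python check for the two things the discussion above turns on, namely the MX lookup that shows whether a domain's inbound mail is routed through Microsoft's Exchange Online hosts, and whether the domain publishes an MTA-STS policy (RFC 8461) that makes TLS mandatory rather than the opportunistic STARTTLS that a DNS-poisoning or STARTTLS-stripping attacker can downgrade. The DNS answers and policy file are constructed inline for the hypothetical domains clinic.example and selfhosted.example so the script runs offline; to test a real domain, substitute the output of `dig +short MX <domain>`, `dig +short TXT _mta-sts.<domain>` and the body of https://mta-sts.<domain>/.well-known/mta-sts.txt.

```python
"""Offline MX / MTA-STS check. All data below is constructed; domains are hypothetical."""
import re

# Constructed stand-in for DNS answers (MX records and the _mta-sts TXT record).
CONSTRUCTED_DNS = {
    "clinic.example": {
        "MX": [(0, "clinic-example.mail.protection.outlook.com.")],
        "TXT:_mta-sts": ["v=STSv1; id=20240101T000000;"],
    },
    "selfhosted.example": {
        "MX": [(10, "mx1.selfhosted.example."), (20, "mx2.selfhosted.example.")],
        "TXT:_mta-sts": [],
    },
}

# Constructed stand-in for https://mta-sts.<domain>/.well-known/mta-sts.txt.
CONSTRUCTED_POLICY = {
    "clinic.example": (
        "version: STSv1\nmode: enforce\n"
        "mx: *.mail.protection.outlook.com\nmax_age: 604800\n"
    ),
}

# Suffix used by Microsoft Exchange Online Protection inbound MX hosts.
EXCHANGE_ONLINE_SUFFIX = ".mail.protection.outlook.com"


def mx_hosts(domain):
    """MX hostnames in preference order (lowest priority first), trailing dot removed."""
    records = CONSTRUCTED_DNS.get(domain, {}).get("MX", [])
    return [host.rstrip(".").lower() for _, host in sorted(records)]


def routed_via_exchange_online(domain):
    """True if every MX for the domain is an Exchange Online Protection host."""
    hosts = mx_hosts(domain)
    return bool(hosts) and all(h.endswith(EXCHANGE_ONLINE_SUFFIX) for h in hosts)


def parse_sts_policy(text):
    """Parse an RFC 8461 policy body into a dict; the 'mx' key collects every mx line."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    for required in ("version", "mode", "max_age"):
        if required not in policy:
            raise ValueError(f"policy missing required field: {required}")
    if policy["version"] != "STSv1" or policy["mode"] not in ("enforce", "testing", "none"):
        raise ValueError("unsupported policy version or mode")
    return policy


def _mx_matches(host, pattern):
    """RFC 8461 mx matching: exact host, or a single leading '*.' wildcard label."""
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # e.g. ".mail.protection.outlook.com"
        label = host[: -len(suffix)] if host.endswith(suffix) else ""
        return bool(label) and "." not in label   # exactly one label before the suffix
    return host == pattern


def mta_sts_status(domain):
    """
    'enforce'  : TXT record present, mode enforce, every MX covered by the policy.
                 A sending MTA that honours the cached policy will refuse cleartext
                 delivery and refuse an MX that does not match, so a poisoned MX
                 answer or a stripped STARTTLS fails rather than downgrading.
    'testing'  : policy only reports failures; downgrade still succeeds.
    'none' / 'missing' : nothing makes TLS mandatory; STARTTLS is opportunistic.
    'mismatch' : enforce policy exists but an MX is not covered (delivery would fail).
    """
    txt = CONSTRUCTED_DNS.get(domain, {}).get("TXT:_mta-sts", [])
    if not any(re.match(r"^v=STSv1;", t.strip()) for t in txt):
        return "missing"
    policy = parse_sts_policy(CONSTRUCTED_POLICY[domain])
    if policy["mode"] != "enforce":
        return policy["mode"]
    for host in mx_hosts(domain):
        if not any(_mx_matches(host, pat) for pat in policy["mx"]):
            return "mismatch"
    return "enforce"


if __name__ == "__main__":
    for d in CONSTRUCTED_DNS:
        print(d, mx_hosts(d), "exchange_online=%s" % routed_via_exchange_online(d),
              "mta_sts=%s" % mta_sts_status(d))
```

Two caveats worth keeping in mind when reading the result: an 'enforce' verdict only means that a conforming sending MTA will insist on TLS with a valid certificate up to the recipient's MX, which is exactly the hop-by-hop guarantee the thread is arguing about; it says nothing about what the receiving provider does with the message once it has it, and it only protects the sender after the policy has been fetched once over HTTPS and cached, so the very first contact can still be downgraded if the TXT lookup itself is spoofed.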