Abortion Providers and Patients Under Threat of Privacy Breaches
Reproductive health providers and people seeking abortion care need only look at the not-so-distant past in the United States to predict a future in which their privacy is in legal and physical jeopardy.
Patients who live in abortion-ban states face extreme legal risks if they cross state lines to obtain a surgical abortion or self-administer medication abortion. In August, a mother and teenage daughter in Nebraska were arrested on charges stemming from the daughter’s self-administered abortion and burying the fetus. The local law enforcement was suspicious of their story of a stillbirth, so they subpoenaed Facebook for the women’s private chat messages. Once the chat messages confirmed their suspicion of an abortion, they increased charges against the women.1
The fact that law enforcement would go to such extreme measures should not be surprising. In some states, they will treat abortion — even days after conception — as murder. There are politics involved, says Anton Dahbura, PhD, co-director at the Johns Hopkins University Institute for Assured Autonomy and executive director of the Johns Hopkins University Information Security Institute.
“There’s also the theatrical part [of] playing to constituents,” Dahbura says. “‘Look — we’re prosecuting this woman to the fullest extent of the law, as you wanted us to. You voted me in.’”
In states that criminalize abortion, police and prosecutors will view this as the same as tracking and tracing accomplices for any kind of serious crime. “It comes down to the amount of effort and resources that law enforcement wishes to invest in a particular case,” Dahbura explains. “But it’s there for the taking, and I wouldn’t bet against [strong enforcement].”
Physicians who perform legal abortions also face privacy breaches that place the providers and families at risk from doxing, threats, and other harms. (For more information, see the story in this issue on preventing doxing.)
A recent study revealed professional and personal information of more than 1,000 abortion providers in the United States was easily available on one anti-abortion website. The personal data included marriages and name changes, financial histories, home addresses, photographs, and other information that could be used by someone to harass or harm the providers.2
“Photos were posted for 88% of the doctors who were included on this anti-abortion website,” says Joanne Rosen, JD, MA, a senior lecturer and co-director of the Center for Law and the Public’s Health at Johns Hopkins Bloomberg School of Public Health. “Forty-one percent of the doctors in our review sample had their home addresses posted. The dissemination of photographs and home addresses raises issues of physical safety.”
Doxing makes it far easier for someone to harass or threaten the doctors, and it violated the providers’ sense of privacy. “There is both a risk of being harassed, threatened, or possibly becoming the victim of violence,” Rosen says. “But it’s also a transgression of personal boundaries and a violation of privacy.”
When physicians are asked about doxing, they sometimes describe feeling isolated and more vulnerable. “This type of stalking is a form of harassment and intimidation,” Rosen says. “These are doctors who are not choosing to work in the public sphere or opting to have a public profile as part of their work.”
But the fact that someone — or a group — culled, aggregated, and curated a variety of information about the doctors and posted it on a publicly available and searchable website is threatening to the doxing victims’ sense of safety. “This one-stop-shopping format is what we regard as a unique form of public stalking and intimidation,” Rosen says.
What makes the doxing more disturbing is that the information was obtained from legal, public sources. Most of these should not have sent out personal information when receiving public records requests.
“The most common source was state medical licensing files,” Rosen says. “We advocate that professional organizations that represent doctors should be informing physicians that their medical licensing files are subject to disclosure under public records requests.”
Also, professional medical organizations and medical schools should urge state medical boards to employ public safety and other privacy exemptions to prevent release of requested information. “We need to make state medical boards aware that anti-abortion groups or individuals are making targeted use of public records laws to request disclosure of these state medical board files. They should be vigilant in applying personal safety and other privacy exemptions when they receive these individual requests,” Rosen says.
It also is possible that an anti-abortion group or individual would try to hack an abortion clinic’s patient data to obtain names and addresses of patients, especially since some states are offering financial bounties for people who sue abortion providers.
Family planning centers, abortion clinics, and OB/GYN offices also need to ensure their patient data are safe from hackers by using good cyber hygiene practices and, if possible, hiring an outstanding cybersecurity firm or information technology contractor.
“Use strong passwords, encryption whenever you can, and use two-factor authentication so you have to enter a code in a cellphone to access whatever accounts you are using,” Dahbura recommends. “You can make it a lot harder for your neighbors and other people that have a specific agenda to break into your files and devices and accounts and so forth, so that’s step one, especially in states where people are rewarded [through lawsuits against abortion providers].”
It is good practice to erase all patient data — from main files and any back-up files — as soon as it is legal to do so. Employees should be trained continually on cybersecurity and how breaches may occur.
Abortion providers need to know that cybersecurity risks will not disappear. They are potential targets. “Spend a few minutes every day reading about cybersecurity,” Dahbura says.
All these practices will help reduce risk, but they cannot eliminate it.
“We live in a society where we’ve made this choice and we want to have freedom [to information], so when people want to take advantage of that freedom, it’s very difficult,” Dahbura says.
REFERENCES
- Collier K, Burke M. Facebook turned over chat messages between mother and daughter now charged over abortion. NBC News. Aug. 9, 2022.
- Rosen JD, Ramirez JJ. When doctors are “doxed:” An analysis of information posted on an antiabortion website. Contraception 2022;115:1-5.
Reproductive health providers and people seeking abortion care need only look at the not-so-distant past in the United States to predict a future in which their privacy is in legal and physical jeopardy. Physicians who perform legal abortions also face privacy breaches that place the providers and families at risk from doxing, threats, and other harms.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.