Making Health Data Great (and Vulnerable) Again: How Trump’s Private Tracking Plan Risks the Future of Medical Privacy
- Jurgita Lapienytė

- Aug 7, 2025
Guest Editorial by Jurgita Lapienytė, Chief Editor at Cybernews
President Trump’s push for a national, privately managed health data tracking system – framed as a leap into AI-driven wellness – lands at a moment when the digitalization of healthcare faces an unrelenting barrage from cybercriminals worldwide.
As America flirts with harnessing Big Tech’s reach for public health, the ghosts of cybersecurity crises abroad offer a sobering mirror. In truth, what’s being proposed echoes, and at times exaggerates, the mistakes and missed lessons of global peers – and the consequences could be horrible.
Learning from Cracked Systems: The UK, Singapore, and the Cost of Convenience

Take the UK’s National Health Service, or NHS, a good lesson in both ambition and vulnerability. The NHS, long considered a pioneer in health IT, suffered a blow in the 2017 WannaCry ransomware attack, which paralyzed hospitals, delayed treatments, and exposed just how outdated and fragmented the digital health infrastructure was.
Even today, NHS cybersecurity remains patchwork, plagued by staff workaround culture – think patient data passed over WhatsApp, or clinical notes on personal devices syncing to private clouds. Despite expansive national strategies, interoperability is achieved at the price of new attack surfaces, and regulation can’t plug every crack in legacy IT.
Asia offers another lesson with Singapore’s high-profile SingHealth breach in 2018, where hackers exfiltrated the health data of 1.5 million citizens, including the Prime Minister. That incident forced a regulatory response: Singapore’s Cybersecurity Act now mandates strict controls and metes out multimillion-dollar fines for failures. Yet, even after these upgrades, healthcare remains a tempting target, as regional ransomware attacks sweep up millions of records and stolen medical data often resurfaces for years.
The American Context: Volume at the Expense of Vigilance
In the US, healthcare breaches routinely impact millions: ransomware, phishing, and third-party contractor failures are endemic. In June, the Business Digital Index reported that 79% of the 100 largest US hospitals and health systems scored D or worse for their cybersecurity efforts, and 65% have had recent data breaches.
In 2024, the number of compromised records soared to over 276 million, driven largely by the unprecedented Change Healthcare ransomware attack, which alone affected an estimated 190 million people.
Centralized health databases, whether managed by government or private sector, increase risks: once breached, attackers gain everything from medical histories to addresses and Social Security numbers. Crucially, "patient consent" is too often a one-time checkmark rather than a living, enforceable guarantee.
Cybersecurity: Not Just a Technical Issue, but a Governance Crisis
Global experience shows a harsh truth: technological complexity and regulatory gaps create vulnerabilities that neither intention nor investment can easily overcome. The repeated pattern is remarkable:
- Aging infrastructure, ad hoc workarounds, and gap-filled security policies abound – from the UK's CDs-by-taxi for data transfer to cloud-synced tablets in hospitals.
- GDPR in Europe, Singapore’s laws, and the US’s HIPAA rules all struggled because of determined insiders, smart hackers, and slow government action.
- Most major breaches now involve either insider accidents or insufficient vetting of outside contractors, whose security hygiene goes largely neglected.
Toward a Realistic Health Data Future
The Trump administration’s vision promises convenience and control – but the reality, in global context, is that without ironclad design for privacy, enforceable limits, proactive auditing, and full lifecycle governance, these initiatives are less a leap forward than an open invitation for catastrophe.
If the US wants to avoid joining the roll call of breached nations, it must look not just at high-level policy but at ground-level practice: minimize data collection, employ zero-trust security models, guarantee transparent opt-in/opt-out, and, critically, hire cybersecurity experts with the authority to override commercial and political imperatives.
Technoptimism and robust debate are essential, but blind faith in digital convenience is a failing strategy. The true test of health tech isn’t how sleek the app is, but how ruthless and relentless the system is in defending the last line: the privacy and dignity of every patient, everywhere.
Jurgita Lapienytė is the Editor-in-Chief at Cybernews, where she leads a team of journalists and security experts dedicated to uncovering cyber threats through research, testing, and data-driven reporting. With a career spanning over 15 years, she has reported on major global events, including the 2008 financial crisis and the 2015 Paris terror attacks, and has driven transparency through investigative journalism. A passionate advocate for cybersecurity awareness and women in tech, Jurgita has interviewed leading cybersecurity figures and amplifies underrepresented voices in the industry. Recognized as the Cybersecurity Journalist of the Year and featured in Top Cyber News Magazine’s 40 Under 40 in Cybersecurity, she is a thought leader shaping the conversation around cybersecurity. Jurgita has been quoted internationally – by Metro UK, The Epoch Times, Extra Bladet, Computer Bild, and more. Her team reports on proprietary research highlighted in such outlets as the BBC, Forbes, TechRadar, Daily Mail, Fox News, Yahoo, and much more.



