Menu

Electronic Health Records… Are they worth the risk?

2 Comments


When it comes to digitizing documents, it seems like healthcare would be a great place to start, wouldn’t it?

Doctors treating a patient can discuss potential courses of action.

Patients can access their test results from the comfort of their home.

It sounds like a dream.

However, research has shown that up to 90% of healthcare organizations experienced at least one data breach between 2013 and 2014. In that last year alone, subpar security standards and criminals compromised more than 122 million health records; affecting 33% of  Americans.

Infograph outlining how to assess the security of your data

Credit for the infographic: University of Illinois at Chicago >>

These data breaches and lacking security protocols, however, are damaging on a much deeper level than you may even imagine.

On a consumer level:

The Anthem Blue Cross hack of 2015 lost personally identifiable information (PII) for 80 million customers. This set of PII included:

  • names,
  • birth dates,
  • Social Security and medical ID numbers,
  • email addresses,
  • street addresses,
  • telephone numbers,
  • and employment data, including income.

For many victims, this would be enough stolen information for the hacker to successfully commit identity theft, but at least this particular instance of a healthcare organization breach did not seem to affect credit card and clinical data. The most common forms of fraud possible with clinical data are credit card and banking fraud. In this scenario, fraudulent transactions are made using a combination of medical records and other personal information.

For more on PII >>

More on the Anthem Blue Cross breach >>

On a national level:

The Premera Blue Cross breach of 2014 compromised the medical data and personally identifying information of 11 million victims. However, breaches like this are dangerous on a much larger scale as well, not only to individuals.

Criminals use stolen medical data in several criminal activities. Hackers commit health insurance fraud by using stolen medical records and tax fraud using pediatric records. Besides financial fraud, criminals also use stolen medical information for obtaining illegal access to:

  • medical supplies,
  • prescription medications,
  • and even medical services.

The records of the deceased can be particularly valuable since the fraud may go unnoticed for longer. James Scott, advisor to the U.S. Senate, House of Representatives and intelligence community, reports that ID kits created from PII and medical records can also be used for multiple forms of crime. These may include pedophilia as well as systemic crimes such as illegal immigration and launching more attacks using social engineering.

More on the Premera Blue Cross breach >>

For more on why hacked patient records are so valuable >>

TL;DR

For better or worse, electronic health records seem to be here to stay. To be fair, they do offer some benefits to patients, but at what cost?

Do you use electronic health records to view your scans and lab work?

Let me know below!

And if you found this post helpful, please be sure to share it with your loved ones and acquaintances alike. Online security benefits us all, and will only become more critical as technology’s presence grows in our community.

Get informed. Stay safe.

TheWhiteHatHACKER

Tags:

2 thoughts on “Electronic Health Records… Are they worth the risk?”

Leave a Reply

Your email address will not be published. Required fields are marked *

6 Shares
Share3
Pin2
Share1
Tweet
Share
Share
Reddit
Flip
Vote
Pocket