Alarming Cases of Health Data Breach: EHR Systems Fall Easy Prey to Cybercriminals

by | Published on Apr 13, 2015 | EHR/EMR

Health data breach is a dreaded concern for all entities handling healthcare data of patients, whether in the medical, legal, insurance or other sectors. Healthcare documentation is often required for review purposes and it calls for failsafe security measures during retrieval, evaluation, transfer and storage. Security experts remain concerned about massive data breaches that may be lurking amidst efforts of people trying to protect health data. There is solid reason for this apprehension – cybercriminals use highly sophisticated techniques to wreak havoc.

Events unfolding one after another show the healthcare industry in really bad light. In February this year, Associated Press reported how hackers broke into Anthem’s network and compromised the personal records of almost 80 million customers. They cybercriminals are said to have obtained the credentials of five Anthem technology workers and via targeted phishing campaigns duped network administrators into disclosing login information, or clicking a link that allowed the hackers access to their computers. Experienced security experts point out that the healthcare industry is not yet prepared for a cyber attack and is more vulnerable than other industry sectors in spite of the enthusiastic drive for implementing electronic healthcare records.

Alarming news has surfaced once more with Premera Blue Cross, a major healthcare services provider, disclosing that its network has been broken into and the financial and medical records of 11 million customers compromised. The harrowing concern is that the criminals may have accessed highly sensitive information including the patient’s name, date of birth, address, telephone number, social security number, bank account information and claims information including clinical information. As yet, they have no proof to indicate that the stolen data is being used inappropriately. The leading health service provider said that it would notify all affected customers in letters sent by postal mail. Moreover, it would also offer two years of free credit monitoring services for customers.

The problem is, as the above mentioned security experts point out, healthcare and pharmaceutical companies do not consider cyber security as a strategic business issue. Consequently they do not invest sufficient resources to safeguard their data.

These incidents call for the need of effectively securing the networks and internet-connected devices of healthcare organizations. The federal government has expressed alarm at the large number of breaches occurring – the records of at least 31.7 million people have been exposed since the U.S. Department of Health and Human Services made reporting compulsory in September 2009. The largest HIPAA settlement to date is the $3.3 million penalty imposed on the New York Presbyterian Hospital for a compromised server.

Discover our medical record review solutions and partner with us for your next case.

Related Posts

The Electronic Health Record – Its Medical and Legal Importance

The Electronic Health Record – Its Medical and Legal Importance

Whether to understand the type of care provided to the patient, for medical record review, for obtaining billing information, or for information exchange, electronic health records or EHRs are much more efficient and convenient that traditional paper records. One of...

The Electronic Health Record and Medical Negligence Concerns

The Electronic Health Record and Medical Negligence Concerns

Earlier, one of the major concerns when providing medical record review services was the illegible handwriting of physicians. The electronic health record was introduced and made mandatory with a view to improve the quality of care, reduce medical record errors, and...