Page 15 - Delaware Medical Journal - November 2017
P. 15
CYBERSECURITY
Cybersecurity — Protecting Your Electronic Health Records � Jeremy A. Wale, JD
With the increased use of technology comes increased risk of cyberattacks. Anything transmitted or stored electronically is at risk of being stolen by a hacker.
Many people don’t believe — or understand why — medical information is valuable or at risk. According to a compilation of data breach statistics, there were 781 security breaches in the United States in 2015. Of those, 35.5 percent were breaches of medical or health care information. Shockingly; though, these 277 breaches accounted for 66.7 percent of all records accessed or 112,832,082 individual records.1
Large health care systems, hospital networks, and individual health care clinicians have all been attacked, but the size of the entity is no clear indication of the size of the breach. For example, one Blue Cross Blue Shield attack yielded only 801 records, while the Anthem, Inc. breach yielded approximately 78.8 million records. Alternatively, a dermatologist in
New York practicing alone was the subject of two separate breaches, exposing more than 25,000 patient records.1
WHY ARE MEDICAL RECORDS TARGETED?
Medical records seem to be targeted because they contain
�������������������������������������������������������
social security numbers, health information, and family information. This gives thieves more potential uses for the stolen information, including applying for credit cards, store accounts, or other lines of credit. They also can use the information to steal health care services. These are just a few reasons why a medical record can fetch up to $50 on the black market, while a credit card number may only earn $5.2
Another example of how valuable a medical record may
������������������������������������������������������������
advertisement to sell ten Medicare numbers. “It costs 22 �����������������������������������������������������������3
The transition to electronic health records has given criminal hackers more opportunities to steal medical ��������������������������������������� for a hospital system in Salt Lake City states his hospital system “fends off thousands of attempts to penetrate its ��������������������4
Another reason is ease of access.
Some hospitals and physicians are using systems that have not been updated in more than ten
years.4 While hospital systems and health care providers adjust to ICD-10 implementation and meaningful use, cybersecurity seems to be falling through the cracks. Many health care systems �������������������������������������������������3 Once a
hacker penetrates whatever security the system does have, the unencrypted information is there for the taking.
Criminals also use stolen medical records to fraudulently bill health care insurance providers and Medicare/Medicaid. The victims may not discover the theft for several months — or even years. In some instances, victims have received debt collection requests for medical services they never received.
WHAT CAN YOU DO TO SAFEGUARD ELECTRONIC MEDICAL RECORDS?
When implementing or updating an EHR system, talk to your vendor about cybersecurity. Ask whether the stored information is encrypted. It also is a good idea to determine if or when the vendor will provide security updates for your EHR software.
Organizations may need to “invest more money and employee ��������������������������������������������������������������5 Cybersecurity is a highly specialized area that requires a certain expertise. Your EHR vendor may be able to provide some
Jeremy A. Wale
Del Med J | November 2017 | Vol. 89 | No. 11
335
