Physicians can expect criminals to increasingly target their electronic health records (EHRs) for patient information that they can sell on the black market for $50 per chart, warns the FBI.
The agency’s Cyber Division issued a memo earlier this month forecasting what already has become apparent with every hacked hospital Web site and stolen physician laptop — criminals see a golden opportunity in healthcare information technology. It’s an opportunity born of the mandatory shift to EHRs, laxer safeguards in healthcare compared with those in the retail and financial sectors, and “a higher financial pay-out for medical records in the black market,” according to the FBI.
The FBI memo is largely a compilation of findings from three information technology firms — EMC, the SANS Institute, and the Ponemon Institute, the latter two specializing in data security.
Citing a SANS Institute report released in February, the FBI stated that the healthcare industry “is poorly protected and ill-equipped to handle new cyber threats exposing patient records, billing and payment organizations, and intellectual property.” Almost all things digital in healthcare are getting compromised — radiology imaging software, medical devices, faxes, printers, virtual private networks, and routers. To make matters worse, healthcare information technology (IT) professionals believe that their defenses are adequate “when clearly the data states otherwise.”
The full Medscape article includes several common sense steps that can be taken to help to thwart data thieves.
Keeping date safe is not rocket science and using the types of ‘best practices’ used by most good sized businesses will go a long way towards helping to protect your data. Just like many HIPAA violations come stolen or lost thumb drives, EHR patient records can be lost the same way.
Creative Commons Image by Carlos Luz