Hackers want electronic health records and they’re targeting smaller institutions with less protection in order to get them, according to a Feb. 16, 2017, article published in Modern Medicine.
The article quoted healthcare cybersecurity expert Michael Ebert, a partner at consulting firm KPMG who said firewalls are insufficient to handle hacker threats. According to the article, Ebert said physicians should use software that encrypts data, segregates levels of access to EHRs and monitor who accesses records. Ebert also said most physicians need to boost their processes and technology to guard against evolving cyberthreats, including training staff to regularly change passwords and prevent phishing attacks.
According to a June 30, 2016, Computerworld article by Lucas Mearian, “1 in 13 patients will have their records stolen after a healthcare provider data breach.”
“Cyberattacks will cost hospitals more than $305 billion over the next five years and one in 13 patients will have their data compromised by a hack, according to industry consultancy Accenture,” Mearian wrote in the article. “And a study by the Brookings Institution predicts that one in four data breaches this year will hit the healthcare industry.”
Accenture’s website stated that among healthcare consumers who experienced a breach, about a third of them had their Social Security number stolen. “The same percentage had contact information or electronic medical records compromised,” Accenture’s website stated.
Furthermore, 21% of the group changed providers while 19% sought legal counsel, according to the website.
In January, Atlanta-based Emory Healthcare was hacked by the Harak1r1 the 0.2 Bitcoin Ransomware. It was discovered by MacKeeper security researcher Chris Vickery, according to an article by Jessica Davis published Jan. 6, 2017 in Healthcare IT News. “The data appeared to be orthopedic and clinic workflow records,” Davis wrote in the article. “All files included names and addresses. Some included emails, birth dates, medical record numbers and cell phone numbers. The time stamps of the files are dated from 2015 – 2016. These types of files are often used for medical fraud and forging medical bills.”
The hacker in the incident conducted a mass-scan to identify unprotected MongoDB databases, and held for ransom more than 200,000 patients’ private information.
In a search of hacked medical records, privacyrights.org reported 17.8 million personal healthcare records were compromised between 2005 and 2017. In a search of 2016 to present, 2.6 million healthcare records were hacked, representing 137 breaches.