Are Electronic Medical Records the Next Hacker Target?

In the very near future, Electronic Medical Records will bring patient data to the cloud. New provisions inspired by the Health information Technology Act will make sweeping adjustments to how hospitals handle data, and what information is available to doctors and patients.

Anytime there is a user base that grows large enough to get some notoriety, that database is at risk of data breaches. Hackers target these large databases looking for information about a person that can be sold, like user credentials to a bank account or a user’s credit score and other identifying information. Patient privacy is a huge concern going into the healthcare debate, and as records transition to digital, this expectation of privacy will only grow. Though the usage of EMRs is expected to impact the quality of health care over the coming years, new practices in security will be required to keep the machine running in peak form.

What is EMR?

Health records are currently recorded by hand, and usually in some rudimentary digital form. A hospital or a doctor’s office might maintain a patient spreadsheet with history of treatment, or a word doc with summaries of each visit. This data is digital, but not freely available to the healthcare community. EMR programs are designed with hospital staff in mind. The programs help staff identify and tag patient ailments through codes, helping to minimize keystrokes and cut down on human error when entering new information.

Under new changes brought on by the Affordable Care Act, all of that patient data will move to cloud storage. IT staff will help build a network large enough to support this data exchange, and staff is being trained on its usage. There are several advantages to both patients and doctors with this new system:

·  Doctors can see a patient’s history quickly, without bothering other practices.

·  Patients enjoy better services, including faster prescriptions and more access to health data.

Poor Antivirus Software

Like any terminal, this system is vulnerable to viral infections. Careless browsing habits, malicious downloads and hardware factors all pose a risk to patient data. Viral security that relies on heuristics can help secure a system. Heuristics identify suspicious files as they are encountered, checking the files on a user’s machine against a database of viral definitions. Once a match is found, the virus is dealt with according to the methods of disposal.

A comprehensive anti-viral suite like Trend Micro Internet security works by establishing a baseline for performance. When anomalies cause that threshold to go below the baseline, the software kicks into action and reviews the most recently downloaded files. The ability to detect and protect against viral infections is extremely important, as one malicious download can have legal consequences for a hospital.

Infected Devices from Outside

STUXNET was a viral infection that was shown to destabilize Iran’s nuclear reactors, causing irreparable harm to Iran’s nuclear program. The method of transfer involved a clever usage of hardware. By infecting an employee’s home computer, the hackers were able to proxy a viral infection into the place they really wanted to strike. Third party hardware, like flash drives, may need regulation as EMRs find widespread adoption. 

Hardware and software hacks make a network equally vulnerable. Hospitals will need to create a protocol for what devices can be used on the network, and carefully restrict access to employees. Any IT professional will tell you that the lowest point of access is just as dangerous to your network as a high-level terminal with admin access.