Boston Children’s Hospital targeted by hacker groups
Data breaches of sensitive patient information ostensibly stored in electronic health record systems are a perennial threat to the health care industry. Cyber attacks in the retail sector have attracted attention in recent months, though the most harm may come in the form of attacks to the medical community.
With EHR adoption rising due to meaningful use stage 2 requirements, the software stores more and more pieces of identifiable, traceable patient data. Some organizations have made efforts to secure their networks, but the ever-changing nature of the Internet has cast doubt on those security measures. According to Modern Healthcare, the recent world-wide Internet bug known as "Heartbleed" could pose major threats to the health care industry. Patient information may be more subject to theft and illicit use.
Stealing passwords and shifting threats
When the Heartbleed bug broke in April, a piece of code used widely across the Internet for password storage systems suddenly became open for view by keen hackers. Many retail giants and tech companies urged consumers to change all of their log-in information on any sites that they happen to visit.
No notable events have occurred because of Heartbleed yet, but Michael Mathews, chief operating officer and chief technical officer of Texas-based health care IT security firm CynergisTek, told Modern Healthcare that the EHR information may be subject to increased risk now.
"I'm not saying all of them are vulnerable," Mathews said. "Anything you logged into and assumed was confidential could possibly have been eavesdropped on for the past two years. If it was exploited by the right people for nefarious reasons, it could be haunting us for years to come."
Mathews admitted that hackers cannot simply sit and fish for the right data, but must actively target it in a specific organization's network, so some patients may feel more at ease.
Remaining vigilant
Even though Mathews acknowledged the potential harm of the Heartbleed bug in accessing EHR information, Mac McMillan, chairman of the Healthcare Information and Management Systems Society's security task force, told Bloomberg BNA otherwise. Organizations that do not review their network security closely will have a difficult time, he said.
"This is an open door to run wild in a network," McMillan told the news source. "When you have a health system that is not monitoring its network closely and not paying attention to what its firewall logs are telling it, then you may not even know someone is there."