What does the U.K. health record hack mean for eHealth security?
What if someone gets a hold of your banking information? What if your account passwords are stolen? These are worries that plague every person who has ever had their information online — they are also relevant to the world of Electronic Health Records(EHR).
EHR might not be something that the average person uses on a daily basis, however, it is as important as our banking information or any social media account. EHR systems contain information that is more sensitive than much of our daily data and it can be dangerous if it falls into the wrong hands.
An American abroad, who might have been in an accident, can’t wait for their health information to be found, scanned, and emailed over to the emergency room. With EHR systems, doctors have immediate access to health information, and that can be the difference between losing a limb or losing a life.
Now imagine if that information was not available. That is exactly what happened recently during the hospital hacks in UK. According to reports, “the malicious software locked British hospitals out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met”.
This has led to people wondering whether EHR is a good idea, if it’s safe. But, what needs to be stressed is that what happened in the U.K. hospitals was not a regular hack. Most intelligence agencies have come out saying that the technology used to break into the hospital system was stolen NSA equipment – which then sent out phishing scam emails.
You might wonder why such a sophisticated NSA software was used to hack into EHR data… Health data is 50 times more valuable than average data in the black market – hackers use it for a multitude of forms of identity fraud.
Protection protocols should address two, distinct components: system and users. While most of the EHR systems are compliant to latest safety and security protocols, the weakness usually lies with the user. Most users and practices seem to believe that once they buy a secure compliant system, they are safe.
The main issues regarding wearables, IoT and healthcare are privacy and data security (including access and reliability. #IBATech
— Abel Revoredo (@AbelRevoredo) May 18, 2017
No system is a 100% secure, but there are a few things we, as users, could change to lower the risk of an attack.
- Users – be they medical staff or IT experts – should understand the importance of strong passwords and their rotation.
- Each person should only have access to the resources they need to perform his or her duties.
- EHR systems, including any operating system security patches, should be kept up to date.
Avoid using same systems for personal business, and avoid clicking or opening suspicious links.
Data security is a big issue in every industry, but good service providers can help lead the way.
— blueEHR | Health IT (@zhhealthcare) June 15, 2017
A secure system vendor improves on the industry’s acceptable’ security standards and compliance procedures like continuous backups and data replication, with storage in separate geographical locations in case of a disaster. A quality vendor will ensure that they have state of the art intrusion detection, including artificial intelligence and machine learning – and it goes without saying that data is encrypted in transit and at rest.
Regardless of data security risks, EHR systems and Electronic Medical Records (EMR) are still the safest way to transfer information.
EHR and EMR are far superior to the old method of having physical copies. Why? Because we live in a globalized age, in a world where everything is connected. Healthcare coordination becomes critical and time saves lives – integration with a networked healthcare ecosystem is critical.
This networking imperative destroys the argument many providers give for being “off the grid.” Several practices and institutions believe that having an “onsite system” is more secure than being on the cloud. This is like saying that your life savings is more safer under a mattress then it is in a bank.
While unfortunate, the U.K. hack brought attention to the importance of data privacy in all aspects of healthcare – including EHR – and it elevated the privacy conversation worldwide. As health systems managers become more aware of the risks, it is even more important that EHR providers analyze their own systems and invest in educating their customers.
In the end, it makes these eHealth solutions more integrative and better for everyone, from the patient to the doctor to the healthcare IT experts.
- 3A’s (Aggregate, Analyze and Act) of Healthcare ITSep 19 , 2019
- Telemedicine – Benefits and ChallengesSep 04 , 2019
- Health Data Exchange StandardsJul 31 , 2019
- Telehealth: Technology meets HealthcareApr 11 , 2019
- Integrated Care: The Future of Behavioral HealthMar 29 , 2019
- Troubles with Getting Mental Health Help and InsuranceMar 15 , 2019
- 7 Things to do to Protect Against Ransomware AttacksAug 08 , 2018
- Oh EHR, how can we love thee?Apr 20 , 2018
- What’s in Store for Practice Fusion UsersJan 31 , 2018
- What is precision medicine? And how can EHR help?Jan 05 , 2018
- What’s the SOAPware alternative?Dec 15 , 2017
- Artificial Intelligence, EHRs and the future of health technologyNov 02 , 2017
- ACA Executive order’s impact on EMR and eHealth technologyOct 25 , 2017
- EHRs and Mental Health: What Needs to Change?Sep 29 , 2017
- American Medical Association (And Others) Unhappy With EHR ProvidersSep 22 , 2017
- A Celebration of Citizenship DaySep 18 , 2017
- Amazon’s Stealthy Foray Into the World of EHRAug 18 , 2017
- Google, the Gender Gap and Personal ResponsibilityAug 10 , 2017
- Neal Patterson and the Mission of Health ITJul 21 , 2017
- The Myth About Motivating People To PerformJul 14 , 2017
- Fragmented health data and personalized medicine: What to do?Jul 07 , 2017
- Apple’s Venture Into the World of EHR SoftwareJun 23 , 2017
- What does the U.K. health record hack mean for eHealth security?Jun 15 , 2017
- Why Doctors need an All-rounder Healthcare Solution?Mar 19 , 2016
- Are we ready for data-driven healthcare?Mar 12 , 2016
- Using Medicare And Private Sector Claims Data for Patient care QualityFeb 26 , 2016
- The Doctor must “Evolve” with the TechnologyFeb 26 , 2016
- The 2015 Practice Profitability IndexFeb 25 , 2016
- ‘Mind Your Risks’ – The NIH health campaignFeb 22 , 2016
- Middle East and Arab Health 2016Feb 03 , 2016
- Medical Billing in 2016Jan 08 , 2016
- CMS publishes 2014 National Health ExpendituresJan 02 , 2016
- Results from the Practice Profitability Index 2015Dec 16 , 2015
- This National Diabetes Month, you have a role in diabetes education and supportNov 26 , 2015
- Safe Texting in HealthCare: Do’s & Dont’sNov 18 , 2015
- Is TeleMedicine the future of healthcare ?Nov 13 , 2015
- Evaluating specific KPIs can improve business performanceNov 09 , 2015
- 50 Years of Medicare: More than 55 million Americans covered by MedicareSep 23 , 2015
- How Much Does Healthcare Cost Matter To A Patient?Sep 18 , 2015
- How does Affordable Care Act Change Your Practice?Sep 11 , 2015
- A ‘Don’t Do’ List to avoid patient no-showsAug 21 , 2015
- Add more patients and grow your medical business in 5 easy stepsAug 05 , 2015
- Medicare Trust Fund is now protected by the Fraud Prevention SystemJul 16 , 2015
- ICD-10: A Short StoryMay 19 , 2015
- Patient portals and patient engagement: Is there a link?Apr 21 , 2015
- Meaningful Use Stage 3: First LookApr 07 , 2015
- 6 Ways Physicians can Free Patient RecordsMar 17 , 2015
- Is the EHR market saturated?Dec 04 , 2014
- 5 Benefits of healthcare information exchanges for small practicesApr 22 , 2014
- New Study shows EMR Adoption Increases Patient Confidence, Loyalty and SatisfactionApr 22 , 2014
- Cloud-Based EMR Vendors and Patient Data SecurityApr 22 , 2014