Earlier this summer The Surgeons of Lake County experienced a data breach that might have scary tellings for the future. Hackers breached their EHR system and instead of download the “payload” they encrypted the data in place, holding the key for ransom. This data breach doesn’t look like the normal data breaches we have seen.
“I think that this incident illustrates the beginning of a much larger phenomena. As we all know, medical practices are working tirelessly to implement electronic health record (EHR) systems in order to take advantage of funds available from the federal government for health providers that demonstrate “meaningful use”, as it is known. In their rush to use meaningful use dollars by the 2014 deadline, physician practices and their vendors may understandably be placing a lower priority on the privacy and security issues and risks that exist when moving patient data into new applications that will be used across the healthcare ecosystem. Therefore, vulnerabilities and weaknesses in their security architectures should be expected.”
This healthcare data breach incident is scary for multiple reasons… lack of security within the EHR system, the ease of which they accomplished it, and the fact that criminals now see EHR systems as a major vulnerability. Hackers generally select the weakest targets, like the raptors in Jurassic Park, they are constantly testing systems for weaknesses. In EHR systems, it seems they found one.