Thursday, December 27, 2012

Concerns Raised About Security Breaches in Electronic Medical Record Systems

Many of the electronic medical record systems hospitals and physician groups are rushing to install are vulnerable to security breaches from hackers, finds a year-long investigation by the Washington Post reported in yesterday's edition of the paper. The report cited security researchers who warned that "intruders could exploit known gaps to steal patients' records for use in identify theft schemes and even launch disruptive attacks that could shut down critical hospital systems." Avi Rubin, technical director of Johns Hopkins University's Information Security Institute, said he has "never seen an industry with more gaping security holes." While major breaches of hospital record systems have been rare to date as hackers focus on corporate and military systems, Department of Homeland Security officials told the Post that they are concerned that medical systems offer "an inviting target to activist hackers, cyberwarriors, criminals, and terrorists."

Part of the problem, Rubin noted, is a lax security culture in which physicians and other medical staff "sidestep basic security measures, such as passwords, in favor of convenience." Vulnerabilities in medical records software from several manufacturers were identified during the investigation, with the companies acknowledging the gaps and fixing the problems. Last July, the report notes, a consortium of hospitals, health plans, pharmacies, drug companies, and government agencies responded to the growing security threat by establishing the Health Information Trust Alliance to defend against "cyber crime, cyber espionage, and cyber activism."

Read the full report here. For more information about electronic health record systems, see Psychiatric News here and here.

(image: Mike Flippo/


The content of Psychiatric News does not necessarily reflect the views of APA or the editors. Unless so stated, neither Psychiatric News nor APA guarantees, warrants, or endorses information or advertising in this newspaper. Clinical opinions are not peer reviewed and thus should be independently verified.