Saturday, March 5, 2011

EMR = MSQ (A Massive Security Quagmire)

With the emergence of electronic medical records, the amount of intimate data being stored on any given patient is enormous.  This begins with identifying information such as age, race, sex, social security information, billing information, etc.  Such data is invaluable to identity thieves and marketers alike. Last week it was reported that a group of hackers broke into the Emory Health Care System and stole the records of at least 77 patients at an orthopedic clinic.  

Alarmingly, the hospital IT department neither detected nor identified any security problems.  The security breach was picked up by an ongoing case being pursued by the FBI.  In a statement, a spokesperson for the Emory Health Care System revealed the intentions of the thieves: "According to the IRS this information appears to have been subsequently used for the filing of fraudulent federal tax returns with the intent of collecting associated tax returns."

Despite the perception of being a secure network, I find it amazing that such security breaches could occur without any clue of their occurrence by the IT department. This event speaks volumes as to the distance we have to go to prevent the compromise of highly sensitive patient data.  

As I continue through my HITECH program, I learn every day about a new creative way hackers have accessed such sensitive data.  Creating a secure system truly is a monumental task requiring education of health care workers, increased hardware and software resources, and a better-trained, more prepared IT team. Creating a unified language is one of our nation's largest hurdles for system-wide EMR implementation and adoption, and top-rated health IT security will prove to have an equally immense resource cost.  

