2016 – Banner Year for HIPAA Breaches, PHI Caught In The Crossfire

25 million patient records were reportedly compromised in 2016, making it the banner year for electronic health record breaches. 88 breaches occurred in the last three months alone, amounting to 458,639 patient records compromised from October through December.

And consumers are wary.

Over half of consumers who have used physician or hospital technology such as patient portals were reported as being wary of their health information being stored online, and given the low evidence of overall benefits of these technologies, the concerns are justified. In fact, 12,090 members of the H.I.T. community agree that the seeming benefit of EHR technology does not have a large enough impact on the healthcare system to justify the risk.

But most breaches are not happening to EHR systems specifically, which are considered newer and safer, but to other peripheral systems and databases storing PHI that are connected to the internet. These often older legacy systems represent a passing era of healthcare technology that is more problematic to protect.

Other common breaches involved stolen portable devices such as hard drives, laptops and memory drives, but this is quickly changing. 2016 saw more malware, ransomware, and active hacking, along with some entirely new ways that health records can be compromised that could have even more far-reaching effects.

Notable breaches reported in 2016 include Blue Shield of California (affecting 21,000 individuals); Ft. Myers (records of 2.2 million patients were breached); Newkirk Products (unauthorized access of member ID cards put the ePHI of 3.3 million insured members at risk); and Boston’s Codman Square Health Center, where an employee from an outside vendor ended up with unauthorized access to the HIE, the New England Healthcare Exchange Network (with 4,000 patient records being accessed). Cyber criminals are learning to bypass perimeter security, pose as authorized users, and access hospital systems, sometimes gaining indefinite access.

The solution lies not only in high-tech measures; low-tech is also part of the equation. Doctors and healthcare workers need to be trained to be aware of the types of links that they click, and to become more educated on how they are becoming increasingly vulnerable. Making healthcare workers smarter makes it harder for the bad guys to win.

Security must rise to meet a new generation of challenges. Patients want access to their health records online, and doctors need access to patient records for emergency and medical purposes. Stopping tomorrow’s hackers will require new, unprecedented levels of security. Will 2017 see an increase in PHI breaches, or a decrease?
