Electronic medical and health records face various threats in the healthcare sector. Understanding these threats can help healthcare organizations to implement effective cybersecurity measures.
According to a study on Health Records Database and Inherent Security Concerns, “ The use of electronic health databases has grown exponentially in recent times and has eased the ability to share and access patient information. However, security and privacy concerns can pose a severe problem when third parties access sensitive information. With expanding demand in healthcare information storage, retrieval, and delivery process comes the need for more information security.”
Understanding EMRs and EHRs
Electronic medical records (EMRs) and electronic health records (EHRs) are two terms often used interchangeably in the healthcare industry. While they share similarities, there are subtle differences between them. An EMR refers to the electronic entry, storage, and maintenance of digital medical data, while an EHR encompasses a broader range of patient information, including demographics, test results, medical history, and medications.
Read more: EMR or EHR? What's the difference?
Threats to EMRs and EHRs
Here are some of the top threats facing EMRs and EHRs:
Phishing attacks
Phishing attacks are social engineering techniques used by threat actors to deceive individuals into revealing sensitive information. In the context of EMRs and EHRs, healthcare professionals may receive fraudulent emails or links that trick them into disclosing login credentials or downloading malware.
Malware and ransomware attacks
Malware and ransomware attacks pose a risk to EMRs and EHRs. Malware can enter healthcare networks through software vulnerabilities, encrypted traffic, downloads, or phishing attacks. Ransomware, a type of malware, can lock users out of their systems until a ransom is paid. These attacks can lead to data theft, system damage, and disruptions in patient care.
Encryption blind spots
Data encryption is necessary for securing EMR/EHR data during transmission. However, encrypted traffic can create blind spots that threat actors can exploit to avoid detection. Healthcare organizations need to implement encryption strategies and ensure they have visibility into encrypted traffic to detect and mitigate potential threats.
Cloud threats
With the increasing adoption of cloud services in healthcare, protecting EMR/EHR data stored in the cloud is imperative. Healthcare organizations must implement security measures and ensure compliance with regulations like the Health Insurance Portability and Accountability Act (HIPAA) to safeguard patient data.
Insider threats
Healthcare organizations should have cybersecurity strategies in place to educate employees, enhance administrative controls, monitor system access, and implement data encryption. Regular audits and monitoring can help detect and mitigate potential insider threats.
Read more: Insider threats in healthcare
Protecting EMR and EHR data
Given the risks and consequences associated with EMR/EHR breaches, healthcare organizations must take proactive steps to protect patient data. Here are some strategies that healthcare leaders should consider:
Evaluate risk before an attack
Healthcare leaders should conduct risk assessments to identify vulnerabilities in their digital infrastructure. Understanding potential weaknesses allows organizations to develop preparedness plans and implement appropriate security measures.
Use VPN with multifactor authentication (MFA)
Implementing a virtual private network (VPN) with multifactor authentication adds an extra layer of security to remote access and protects against unauthorized entry. Healthcare organizations should prioritize the use of VPNs and regularly patch vulnerabilities in VPN platforms.
Develop endpoint hardening strategy with EDR
Healthcare organizations should develop an endpoint-hardening strategy to enhance the security of their digital infrastructure. This strategy involves implementing multiple defense layers at various endpoints and using Endpoint Detection and Response (EDR) solutions to detect and mitigate cyber threats.
Engage cyber threat hunters
Threat hunting is a proactive practice that involves actively searching for threat actors or hackers within a network. Engaging cyber threat hunters can help healthcare organizations detect, prevent, and respond to potential cyber-attacks effectively.
Moving beyond prevention
Healthcare leaders should shift their focus from solely prevention strategies to proactive preparedness plans. This approach involves identifying vulnerabilities, implementing effective frameworks, and continuously monitoring and preventing potential cyber-attacks.
Protect emails and patient health records
Email security is necessary to prevent unauthorized access to patient health records. Healthcare organizations should invest in email security software to mitigate the risk of malicious attachments or links.
See also: HIPAA Compliant Email: The Definitive Guide
In the news
Ascension, a US non-profit health system, confirmed that its electronic health records (EHR) system experienced a ransomware incident on May 8, 2024. As a result, its EHR and various systems for ordering tests and medications were rendered inoperable. Despite this, Ascension hospitals and facilities remained open, utilizing manual processes and paper records for medical tasks. Some hospitals diverted emergency services to prioritize immediate triage.
Ascension is collaborating with cybersecurity experts to restore systems safely, although it anticipates a gradual return to normal operations. The attack was initially detected on May 9, prompting Ascension to engage Mandiant for investigation and remediation. Law enforcement and government bodies have been notified, including the Federal Bureau of Investigation and the Department of Health and Human Services. This incident shows the persistent threat posed by cyberattacks to healthcare organizations worldwide, indicating the need for unified cyber governance to defend against such threats.
FAQs
Why do cybercriminals target EMRs and EHRs?
EMRs and EHRs contain sensitive personal and medical information, making them valuable targets for cybercriminals. This data can be used for identity theft, insurance fraud, and even blackmail. The healthcare sector often has less cybersecurity measures compared to other industries, making these records easier targets.
How can ransomware affect EMRs and EHRs?
Ransomware can encrypt EMR and EHR data, making it inaccessible to healthcare providers until a ransom is paid to the attackers. This can disrupt healthcare services, delay treatments, and compromise patient safety.
How can patients contribute to the security of their EMRs and EHRs?
Patients can help secure their EMRs and EHRs by:
- Using secure, private networks to access their health records.
- Setting strong, unique passwords for health portal accounts.
- Being vigilant about sharing personal health information and only doing so with trusted entities.
- Reporting any suspicious activity or discrepancies in their health records to their healthcare provider immediately.
What should be done in the event of a data breach?
In the event of a data breach, healthcare organizations should:
- Immediately isolate affected systems to prevent further compromise.
- Notify affected patients and relevant authorities as required by law.
- Conduct a thorough investigation to determine the scope and cause of the breach.
- Implement measures to mitigate damage and prevent future breaches, such as enhancing security protocols and conducting staff retraining.
Farah Amod
