Every year, the total number of breaches that occur to private networks increase. Government networks, school networks, and even hospital networks are finding themselves the target of digital attacks. With the potential for millions of dollars in damages, there has never been a greater need to secure a network of privately held information.
This is especially true when we consider hospital records. An Electronic Health Record (EHR) is a patient record where all relevant information regarding the patient’s health is kept. Set into guidelines outlined in HIPAA and then backed by the Department of Health and Human Services (HRSA), Electronic Health Records represent private information that is required by law to be kept safe. When a breach occurs, the hospital may find itself liable to fines.
So, how do data breaches occur? Let’s track three of the most common ways that people have stolen information from a hospital in the past.
- Inside Job
When considering Health Information Technology and the potential risks to information being stolen, few people consider the staff of the hospital as a potential source of leaked information. However, the majority of offenses that occur where people’s personal records are incorrectly accessed come from individuals within the hospital looking into the patient records of other people of interest. While hospitals do their best to crack down on this, it is hard to directly address a problem that utilizes the system correctly but for the wrong reasons. These forms of inside job data breaches do not typically result in a greater data breach and mostly are low-level offenses that may result in termination or a reprimand of the employee. If the employee uses this information in an unlawful way, then there may be subsequent criminal proceedings taken against the employee.
- Stealing The Hardware
The Benefits of HIT have led to countless hospitals adopting mobile platforms to better access patient records on the go. The benefit of using things like tablets are that the doctors can take the records with them, and update them in real time. However, having mobile platforms means the possibility of theft. For the most part, encryption on the machine as well as one the servers used makes it impossible for anyone to access patient records. However, if the person attempting to steal the information knew enough about coding and encryption, they could find a way around the blocks on the device. Still, it may require them getting the device back to the hospital to use it to steal records. Either way, stealing the hardware is not as common as you may think, and rarely results in the large-scale data breaches we have seen in the past.
- Malware Attacks From Afar
Malware attacks are the most common way people steal information. Typically, a person can infect a computer from afar with malware that gives them some control over the operation of the computer. Over time, this control can expand into other key systems, eventually making it possible to steal large amounts of patient information. Malware attacks typically require a little bit of time to set up, and a competent HIT worker may be able to catch what is going on before it happens. Malware attacks have resulted in the most damaging and expensive attacks done to hospitals. It has led to several instances where patient information was held hostage until the hospital agreed to pay out. Combating these breaches require expertise and understanding on the part of the technicians working for the hospital. It requires staying up to date and effectively problem solving issues that may develop over time.