A JAMA article has warned that while digital health records have potential to improve clinical care, they could also lead to vast patient harm if not properly secured.
Researchers from the Center for Quantitative Health at Massachusetts General Hospital, US, looked at all documented breaches with the US Health and Human Services Office for Civil Rights between 1 January 2010 and 31 December 2017.
They included 2149 breaches comprising a total of 176.4 million records.
Individual breaches ranged in size from 500 to 78.8 million records.
The most common entity breached was a healthcare provider, with 1503 breaches (70%) comprising a total of 37.1 million records (21%).
While health plan (health insurance) breaches numbered 278 (13%), these accounted for the largest share of breached records at 110.4 million (63%).
The most commonly breached media locations shifted from laptop, paper or films in 2010 to network server and email in 2017 – shifts that were paralleled by increases in hacking or IT incidents and unauthorised access.
“As the type of data breached shifted toward electronic records and away from paper records, the nature of the breach likewise shifted toward electronic means, such as hacking,” write Dr Thomas McCoy and Dr Roy Perlis in their research letter published in the Journal of the American Medical Association (JAMA).
“Although networked digital health records have the potential to improve clinical care and facilitate learning health systems, they also have the potential for harm to vast numbers of patients at once if data security is not improved.”
A cybersecurity expert has recently warned that with more medical information going online, healthcare is becoming one of the preferred targets for hacking.
A third (33%) of all breaches in Australia this year involved health information, says Nick Ellsmore, CEO at cybersecurity consulting firm Hivint.
Healthcare is more valuable than credit card numbers, he says; however, this doesn’t mean systems such as My Health Record are automatically at high risk.
In fact, digital records stored by small general practices and pharmacies are at higher risk, with data breaches more likely to affect small organisations.
It would actually be harder to hack large systems with strong security capacity such as Medicare and My Health Record than to attack smaller pharmacies and medical centres individually, Mr Ellsmore explains.
His suggestions for pharmacies to avoid data breaches include:
- Have one of the bigger companies run your email server; don’t do it yourself. These will be better secured.
- Turn on two-factor authentication everywhere you get the chance. It is one of the single most effective controls you can put in place.
- Have up-to-date security patches.
Pharmacists are one of the most trustworthy professions in Australia – but that’s going to change really quickly if data isn’t protected, concluded Mr Ellsmore.