Been to the doctor lately? If so, you may have noticed that your medical records are no longer filed away in a dusty drawer, but electronically accessed through computer stations. The initiative to digitize patient records has been going on for the past few years and works – quite effectively – to ensure that all healthcare providers have identical and accurate information. A new survey, however, shows that that information may not be totally safe.
According to the survey, commissioned by Kroll Advisory Solutions, security breaches pertaining to digital medical records are increasing in number every year.
The survey found 27% of the respondents had at least one security breach over the past year, up from 19% in 2010 and 13% in 2008. The survey found 79% were attributed to employees, while most others were chalked up to actions from outsourced or contract employees. Over half of the problems were identified as "unauthorized access to information," typically the patient's name and birth date, by an individual.
The report says 31% of respondents indicated that information available on a portable device was among the factors most likely to contribute to the risk of a breach, up from 20% that said that in 2010 and 4% in 2008. Twenty-two percent of the respondents reporting a breach said the data was compromised when a laptop, handheld device or computer hard drive was lost or stolen, which is double the number who said this in 2010. [PCWorld]
While the vast majority of these breaches seem to be pretty harmless, as electronic medical records become ubiquitous, the potential for malicious breaches will increase.
- In 2009, 8 Million pharmacy patient records were stolen from a state-run database in Virginia. Hackers wiped the database and held the records ransom for $10 million.
- In 2011, 2,021 patient medical records were hacked at Beth Israel Deaconess Medical Center in Massachusetts after an IT professional failed to properly install security measures.
- In April 2012, around 200,000 patient medical records were stolen from the Utah Department of Health’s state computer system.