Breached EHR: A Gift that Keeps on Giving
Health facilities are enumerated and attacked with regularity because the target, medical records, has a distinct value. Another vulnerability, present in varying degrees, is the legacy systems still in use, each with its own issues, along with the relevant employee infosec programs. These legacy systems may simply be outdated, their patches may or may not be at the current level, or their protocols may be outdated.
These factors add up to a perfect storm for the enterprise and consumers. They allow the deviants to work consistently at finding the vulnerabilities and weak points. Once the system is breached, the fun begins for the consumer. Once the health records have been obtained in the breach, they may be sold repeatedly. There is no statute of limitations as to how many times these may be sold. In effect, this issue could resurface for decades or a lifetime.
This aspect of the breach has not been overly researched. Generally the focus has been on the initial breach, how many records were stolen, the data each record involves, etc. The long-term effect on the long-term victim, the consumer, has not been explored at length. Each time a person's records are sold, that person could go through the same process of disputing false insurance claims, fielding collection calls for unpaid balances, etc. This can be costly, in money and in time, for the consumer. The consumer may also be faced with secondary, ancillary issues, such as further identity theft, credit card fraud, tax fraud, and other significant issues.
Medical record system breaches are never pleasant. They bring their own level of terror for all the innocent parties involved.
About the Author
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.