Cybersecurity and Electronic Health Records

EHR as a critical target

By Charles Parker, II

In the enterprise/traditional IT, there are the production networks. These must be up and operating at

all costs. Without this in the business operations, not much is produced or sold. As a tool to defend

against ransomware and other attacks, there are dedicated backups, policies, and procedures. In a

perfect world, these would be checked periodically not only to verify they are present but also the

backup data is viable when used.

In hospitals, there are EHRs (Electronic Health Records) used several times a day by the nursing staff for

patient care. Among other data, these hold the patients’ prescriptions and dosage, which the nursing

staff cannot get wrong. Liberty Hospital in MO recently had a cybersecurity issue with their HER. They

were able to get this back up and running. This purely exemplifies the need for HER backups. Imagine

you are the administrator for the hospital or rehabilitation center. You get the call at 4pm on Friday

from IT. The staff member starts with “We have a problem.” Of the next few sentences, all you

remember is “encrypted” and “ransomware”.

While taking time and resources to try the backup, this option is certainly better than finding out the

backups are not viable after the attack begins. Wondering if the backups are viable in our present

environment is not optimal.

About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries