- Value: A medical record is worth over 7x that of a credit card number on the black market.
- Availability: Providers in particular have done a poor job of securing their IT infrastructure as they have moved to electronic records. The problem now is that the records are potentially available to millions of people through a simple security exploit, whereas before someone had to break into a building to access a paper chart.
- Security: As mentioned above, security has consistently been an afterthought, as providers have implemented EHR without considering the serious security implications and therefore without committing the financial resources to the solutions.
- Maturity: The healthcare industry is less mature than other compliance-related industries such as banking, finance and government, both in IT generally and in IT security specifically. The lack of maturity, combined with the other factors, leads to a general lack of understanding, awareness and training.
The hackers are keenly aware of these issues and understand how to exploit the end users who have access to data. They also understand the weaknesses in security and how to exploit the social backdoors that can then be used to exploit the security backdoors. Some of these include simple items such as users having administrative credentials to their local computers, which allows a hacker to fully control and exploit the workstation.
Linked here is a great document put together by OCR on Ransomware. We strongly suggest reading this, and utilizing it for training with your staff, leadership and physicians:
http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Additionally, we cannot stress enough how critical it is to subscribe to our compliance services, which include:
New services being added for future clients, which can also be added for existing clients, include:
Contact and talk to your vCIO to understand your services and what you should be doing, if you are not today.