HHS Names Top 6 Threats to EMRs & Measures Covered Entities Should Take to Block Them 

Updated on April 19, 2022 by Jordan McGlone

Share this article!

As our society becomes increasingly reliant on technology, hackers are finding more and more ways to exploit vulnerabilities in electronic systems. This is especially true in the healthcare industry, where electronic medical records (EMRs) contain a wealth of sensitive patient information. EMRs make patient data shareable and combine patient history records to enable a better quality of care. 

The healthcare industry continues to improve thanks, in part, to the advantages of using EMRs. These include reducing the likelihood of errors, improving coordination of care, increasing efficiency, and reducing costs. However, the very features that make EMRs so beneficial also make them vulnerable to attack. 

What Are the Potential Risks to EMRs? 

EHRs are at risk because of a variety of problems, including user-related issues, financial issues, and design defects that make it difficult to use them as a strategic instrument for delivering healthcare services. Some of the top risks connected to electronic health records include: 

• Data breaches, 
• Patient privacy liability, 
• Vulnerability to hacking, 
• Data loss, 
• Inaccurate transcription from paper to digital, 
• Causing treatment error or malpractice. 

The top data breaches reported by the U.S. Department of Health and Human Services from last year illustrate how widespread and how significant the problem is. 

“In 2021, HHS received reports of data breaches from 578 healthcare organizations, impacting more than 41.45 million individuals. The following list is of organizations with the most individuals affected: Florida Pediatric Health Pediatric Organization, Florida Vision Care Provider, Wisconsin Dermatologist, Texas Health Network, Indiana General Health Provider, Ohio Pharmacy Network, Georgia Health Network, Nevada University Health Center, New York Anesthesiologist, New York Medical Management Solutions Provide…In January 2022, 38 organizations reported nearly 2 million individuals were impacted by data breaches.” 

Why Is Healthcare Data Targeted by Hackers? 

Healthcare data that is covered by HIPAA regulations includes names, birthdates, social security numbers, physical addresses, email addresses, healthcare beneficiary numbers, medical records and IP addresses, full-face photos, and biometric identifiers. insurance account numbers, There are a number of reasons why healthcare data is such a desirable target for hackers. First and foremost, this data is incredibly valuable. It can be sold on the black market for a high price, used to commit fraud, used to steal a patient’s identity, data laundering, extortion, or to blackmail patients or healthcare organizations. 

Another reason why healthcare data is targeted is because it is often poorly protected. Healthcare organizations are often slow to adopt new security measures, and they may not have the budget or resources to invest in robust security. This makes it relatively easy for hackers to gain access to healthcare data. Additionally, healthcare data is targeted because of the sensitive nature of the information that it contains. This information can be used to exploit patients or to interfere with their care. 

What Are the Major Threats to EMRs Today? 

Both physician-hosted EHR systems and systems hosted remotely in the cloud are vulnerable to a number of different threats that healthcare organizations should be aware of when it comes to EMR security. These include: 

1. Ransomware: Ransomware is a type of malware that allows hackers to gain access to a system and then encrypt the data. The hackers will then demand a ransom from the healthcare organization in order to decrypt the data. “In 2020, at least 2,354 U.S. government, healthcare facilities and schools were impacted by a significant increase in ransomware. The cyber-attacks caused significant disruption across the healthcare industry,” according to the HHS Cybersecurity Program. 
2. Phishing Attacks: Phishing is a type of social engineering attack that involves sending fraudulent emails or text messages that appear to be from a legitimate source. These messages often contain links or attachments that, when clicked, will install malware on the victim’s system. 
3. Malware: Malware is a type of software that is designed to damage or disable a system. It can be used to delete data, encrypt data, or even take control of a system. 
4. Insider Threats: Insider threats refer to employees or contractors who have legitimate access to an organization’s systems and data. However, these individuals may misuse this access for malicious purposes. 
5. Encryption Blind Spots: Many healthcare organizations encrypt their EMR data. However, there are often blind spots in these encryption systems. This can allow hackers to access unencrypted data if they are able to exploit a vulnerability. 
6. Cloud Threats: Cloud-based EMR systems are becoming increasingly popular. However, these systems can be vulnerable to attack if they are not properly configured or secured. 

What Preventative Measures Shoud Healthcare Organizations Can Take? 

There are a number of steps that healthcare organizations can take to improve their security posture and protect their EMR systems from attack. These include: 

• Implementing strict security policies and procedures: All healthcare organizations should have strict security policies and procedures in place. These should be regularly reviewed and updated to ensure that they are effective. 
• Educating employees: Employees should be educated on the importance of security and the dangers of clicking on links or opening attachments from unknown sources. They should also know how to report suspicious activity. 
• Investing in robust security measures: Healthcare organizations should invest in robust security measures, such as firewalls, intrusion detection systems, and encryption. 
• Regularly backing up data: Data should be regularly backed up to avoid loss in the event of an attack. 
• Keeping software up to date: Software should be kept up to date to ensure that the latest security patches are installed. 
• Monitoring systems: Systems should be monitored for suspicious activity. 
• Working with a reputable security partner: Healthcare organizations should work with a reputable security partner who can help them to identify and mitigate risks. 

Related article: EMR Integration Challenges for Doctors Offices. 

HIPAA-Compliant EMR Integration for Phone Answering Services 

 
When you work with PatientCalls, your healthcare organization is working with an accredited third-party vendor. All of our doctors’ office call answering services and inbound call management for healthcare networks are HIPAA compliant to support patient privacy and data security. 

About The Author

Jordan McGlone

Jordan has more than seven years of experience working for PatientCalls and a strong background in the healthcare answering service industry. He designs directive plans to fit the unique structure and activities of healthcare organizations, while ensuring that communications are efficient, compliant with HIPAA privacy and security regulations, and support optimal patient care.