Health IT pros warn of network vulnerabilities during 'cyberwar'

Fans of doomsday scenarios, gather 'round. It may not be hackers that present the greatest threat to EHR databases, but terrorist groups or rogue regimes, a hospital IT director told federal officials last week.

Testifying Friday before the federal Health IT Standards Committee, Chad Skidmore, director of network services for Spokane, Wash.-based Inland Northwest Health Services, said that the thought of someone seeking to infiltrate the U.S. health system and cause public chaos "keeps me up night and fairly scared." Skidmore said he imagines a malevolent cyber-attacker could, for example, delete notations that patients are allergic to penicillin, putting people at risk of a serious allergic reaction. Such an attack in a "cyberwar" against the U.S. would "destabilize the population" and cause widespread fear, he added.

According to Skidmore, healthcare organizations are particularly vulnerable to cyber attacks because they tend to invest less in information security than other sectors of the economy do.

A health IT professional from Intermountain Health Care in Salt Lake City told the committee that security concerns have been heightened by increasing reliance on cloud computing since it's more difficult to keep track of where data reside and to perform maintenance. "Who do you call when the cloud is down?" wondered Ryan Smith.

To learn more about threats to health IT systems:
- read this NextGov story