Cybersecurity sleuths have discovered computer information on a website popular with hackers that could compromise the electronic health records of numerous providers--including hospitals, nursing homes and physician practices--according to an article in the Wall Street Journal.
San-Mateo, Calif.-based intelligence security company Norse Corp found information--including computer Internet addresses, healthcare organization firewall passwords, and types of equipment used in computer networks--on the website 4shared.com. This information makes it easy to then hack into the networks, according to the Wall Street Journal. The computer networks of 375 healthcare providers were compromised in September and October 2013 alone, some of which likely ended up on the site, Norse Corp surmised.
For instance, the information of three New York area nursing homes that the Wall Street Journal found on the site likely were posted by people who gained access to SigmaCare software, designed by eHealth Solutions, according to the article.
EHRs are particularly vulnerable to security issues in large part because healthcare organizations still fail to adequately protect their computer systems, leaving their electronic data the most vulnerable, according to the Office for Civil Rights (OCR). Many providers also aren't conducting proper security risk analyses, required not only by HIPAA's security rule, but also by the Meaningful Use program. Failing to conduct such an analysis is a sure fire way to fail a Meaningful Use audit.
The number of breaches of patient information due to hacking is on the rise, already accounting for 7 to 8 percent of security incidents reported to OCR, according to Susan McAndrew, deputy director for Health Information Privacy at OCR, who spoke at the National HIPAA Summit earlier this month.
To learn more:
- read the Wall Street Journal article (subscription required)