Hacking into EHRs is too easy, group says

Hackers can access many electronic health records and modify them without the knowledge of the software’s legitimate users, according to a new study by an organization concerned about EHR vulnerabilities.

The eHealth Vulnerability Reporting Program, a nonprofit organization formed in 2006, issued a summary of its findings during a 15-month study assessing the security risks associated with EHR systems.

It found that basic hacking skills would be sufficient to enter a system, retrieve data and make changes, such as altering medication dosages or deleting records.

However, the “risk of vulnerability exploitation can be dramatically reduced when vulnerabilities are known and appropriate security controls are in place,” the report states.

For the most part, EHR systems are no more vulnerable to hacking than similar applications are, the report states. However, medical providers are less aware of those vulnerabilities and spend less money on data security as a percentage of their revenues, according to the report.

The organization recommended that EHR software vendors conduct more testing of their systems’ security and disclose any vulnerabilities they find to the public. Vendors also need to fix those vulnerabilities in a more timely fashion, the report states.

About the Author

Nancy Ferris is senior editor of Government Health IT.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.