America’s medical records systems flirting with disaster

America’s medical records systems may be poised for big time hacks, according to experts who monitor crime in cyberspace. A hack that exposes the medical and financial records of hundreds of thousands of patients is coming, they say – it’s only a matter of when.

While a stolen credit card or Social Security number fetches $1 or less on the black market, a person’s medical information can yield hundreds of times more.While a stolen credit card or Social Security number fetches $1 or less on the black market, a person’s medical information can yield hundreds of times more, the World Privacy Forum claims. Thieves want to hack the data to gain access to health insurance, prescription drugs or just a person’s financial information.

The issue, however, has yet to capture attention on Capitol Hill, which has been slow to act on cybersecurity legislation.

“What I think it’s going to lead to, if it hasn’t already, is an arms race between the criminal element and the people trying to protect health data,” said Robert Wah, president of the American Medical Association and chief medical officer at the health technology firm CSC. “I think the health data stewards are probably a little behind in the race. The criminal elements are incredibly sophisticated.”

Criminal attacks on health data have doubled since 2000.The health care industry is trailing banks and retailers in their digitization efforts. Most hospitals and doctors have gone from paper to electronic health records (EHRs) in the space of a few years while gobbling up $24 billion in federal incentive money provided under the 2009 Health Information Technology for Economic and Clinical Health Act.

This year alone, the Identify Theft Resource Center has identified 353 breaches, almost half of which occurred in the health sector. The Ponemon Institute, which is an industry leader in data security, says that criminal attacks on health data have doubled since 2000. The healthcare industry is least prepared for a cyber-attack, according to the security ratings firm BitSight Technologies. It [industry] had the highest volume of threats and the slowest response time, leading the FBI in April to issue a warning to health care providers…

[Via: Politico]