Accessing E-Health Records A Child’s Play for Hackers

Cyber-terrorists can infiltrate into several e-health records and change them without the knowledge of the programs rightful clients, indicates a recent report by an organization concerned for EHR weaknesses.

The non-profit organization EHVRP (E-Health Vulnerability Reporting Program), created in 2006, released the summary after 1 and 1/2 years research evaluating the security threats linked with EHR systems.

The study shows that minimal hacking knowledge is enough to penetrate a computer, steal information and cause modifications, like changing medicine doses or erasing records.

However, the executive summary of the report states that the threat could be radically decreased if flaws are identifiable and proper security checks are ready. The report also stated that the EHR systems are less susceptible to cyberpunks as compared to applications software utilized in other businesses. But medical program users are surprisingly ignorant to flaws and have spent lesser funds on IT security from their revenue, as per the study by EHVRP.

Vendors of EHR software are urged to check their systems' safety measures regularly and report any detected flaws to users. Vendors usually take very long to rectify flaws.

The study by EHVRP is leading a new organization that will concentrate on health IT security safety. Daniel Nutkis, EHVRP board member and a Dallas consultant, said that the healthcare sector is working to become more patient and organized in handling IT security matters.

He added that several companies, comprising suppliers, medical instrument makers, electronic health record vendors, IT security marketers, health plans, and drug companies, have started to make an organization to tackle and guide all information security problems confronting the US healthcare business.

The organization will concentrate on information security techniques, pattern and strategy, whilst conforming to the present global standards and certification norms.

Despite the Certification Commission for Healthcare IT examines EHR items for security, the report said that the testing wasn't divulging the weaknesses. The EHVRP performed penetration testing on seven systems, subsuming five licensed by CCHIT.

Southern California-based HealthCare Partners Medical Group's system was also checked. Leo Dittemore, the IT security directors with the company, informed that the scrutiny exposed flaws, later removed by safeguards like intrusion -prevention system.

The report also carried a study of 850 health care supplier organizations.

Related article: ACMA Unleashes SpamMATTERS - the New anti-spam Button

» SPAMfighter News - 9/29/2007