September 13, 2012
There was a large amount of news that surfaced a few weeks ago discussing the incident where a hacker was able to penetrate the Surgeons of Lake County, a northern Illinois medical practice, and obtain medical records of their patients. This news illustrated the need for companies to highly protect their EMR systems with enhanced security. While the medical industry and healthcare sector is making a strong push forward to digitize their workstations and medical practices, the need for highly sophisticated security systems also come to the forefront of the conversation.
The specific details of the incident include the hacker physically breaking into the server room of the small medical practice and installing a password on the medical records, demanding ransom money in exchange for the password. Over 90 percent of data breaches are caused by user error and careless mishandling of critical data and information. This is common among financial institutions and larger businesses that contain client’s financial records. Simply securing the mainframes and servers in a highly secured room or section of the medical practice is the small amount of proactive measure that can keep your electronic medical records safe.
The most common problem that we see deals with the way medical facilities store their information. This is the security measure they oftentimes fail to provide around the systems. Typically, medical offices and healthcare providers are unaware of the dangers that can be caused by the mismanagement of data storage. Building added security into these systems therefore becomes a major concern and focus for the further development of this software going forward.
For this reason alone, medical software receives constant updates and patches installed on the software. The interesting part of electronic medical storage security is the fact that when patient records were once stored in massive filing cabinets, many felt that the files were more secure than today’s digital world. However, it is up to the software development company to ensure the software is secured, and the medical staff must be educated on how to protect valuable technology.
The proactive measures that software companies and practices take part in can help protect the integrity of the system and the security of the data contained in the system. Taking an active role in the physical security of the databases and mainframes is cheap insurance for ensuring there are no data breaches.