As reported last Friday on the AAMI website, the FBI earlier this month released an alert warning healthcare providers of a high level of risk for data security as adoption of electronic health records accelerates:
“In a private industry notification (PIN) dated April 8, the bureau stated that the move away from paper records ‘will create an influx of new EHR coupled with more medical devices being connected to the Internet, generating a rich new environment for criminals to exploit.’ The FBI highlighted as a crucial date January 2015, which is the deadline for EHR adoption by health professionals and acute-care hospitals that are participating in a federal incentive program administered by the Centers for Medicare & Medicaid Services.”
In its alert, the FBI said the healthcare industry is not as “resilient to cyber intrusions [as] the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.” While this assessment is similar to that noted in the recent Verizon cybersecurity report, the FBI cites more worrisome evidence that the industry is already suffering from significant breaches.
Citing a published report from a private security organization, it stated that “63% of the health care organizations surveyed reported a data breach in the past two years with an average monetary loss of $2.4 million per data breach.” Another report, the FBI said, indicated that “in the first half of 2013, over two million health care records were compromised, which was 31% of all reported data breaches.” The same report claims that “cyber criminals are selling the information on the black market at a rate of $50 for each partial EHR, compared to $1 for a stolen social security number or credit card number.”