Fraudsters and hackers target computerized medical records.
The nation’s push to computerize medical records has failed to fully address longstanding security gaps that expose patients’ most sensitive information to hackers and snoops, government investigators warn.
Two reports released Tuesday by the inspector general of the Health and Human Services Department find that the drive to connect hospitals and doctors so they can share patient data electronically is being layered on a system that already has glaring privacy problems. Connecting it up could open new pathways for hackers, investigators say.
The market for illicit health care information is booming. In recent years, the case of a former UCLA Medical Center worker who sold details from the files of actress Farah Fawcett, singer Britney Spears and others to the National Enquirer gained notoriety.
Most cases don’t involve celebrities or get much attention. Yet fraudsters covet health care records, since they contain identifiers such as names, birth dates and Social Security numbers that can be used to construct a false identity or send Medicare bogus bills.
The shortcomings in the system “need to be addressed to ensure a secure environment for health data,” said the main report, adding that the findings “raise concern” about the effectiveness of security safeguards for personal health care information.
The inspector general has not issued general security requirements for the computer systems at hospitals and doctors’ offices, systems on which the information would be created, shared and stored. It’s a little like putting a big lock on the front door of the house, but leaving the garage door open.
To underscore the point, the second audit examined computer security at seven large hospitals in different states and found 151 security vulnerabilities, from ineffective wireless encryption to a taped-over door lock on a room used for data storage.
Link:
http://www.washingtonpost.com/politics/hhs-inspector-general-says-push-for-electronic-medical-records-overlooks-some-security-gaps/2011/05/16/AFpaH54G_story.html