Hackers Are Targeting Medical Records: Be Prepared

Posted by Ryan Richard

Hackers cost the medical industry over $6 billion per year, and that number is steadily growing, according to an IT security researcher, the Ponemon Institute. Because the protections are lax at physicians' practices and at hospitals, they are easy targets. And, combined with that, with one person's medical record commanding up to $1,000 on the darknet, this industry is a ripe target. Compare this to $0.25 for a credit card number and $0.10 for a social security number.

How and Why Hackers Are Targeting Medical Records

All industries have a shortage of cyber-security people. However, the medical industry, just started going digital in about 2010 and is very late to the game. This makes it even harder for it to get the hardware and/or software in place to protect medical records. A senior director at Healthcare Information & Management Systems Society, Rod Piechowski, stated that health care cannot compete because it was so late to the digital game.

Furthermore, health care records pose an industry-specific problem. These records must be available all of the hospitals, doctors and other medical personnel involved in patient care. Additionally, the records must be available to the patient. These records not only include the patient's insurance information, social security number, name and birth date, but also medical information that may be highly confidential, especially in the cases of high profile people.

When banking, attorneys, financial services and retail were going digital, the health care industry was still using handwritten charts. It wasn't until the Affordable Health Care Act mandated electronic records that the health care industry started going digital. And, once the industry had its electronic systems, it could not attract the IT talent needed to protect those systems, due to the industry-specific issues mentioned previously.

Electronic Health Records

The benefits of electronic health records, or EHRs, is that allows doctors and hospitals to more efficiently treat a patient as they have quicker access to the patient's medical records. As of mid-2017, over 96 percent of critical care hospitals and over 83 percent of regular hospitals have adopted EHRs. Despite the security issues, using EHRs does away with the fragmentation and other inefficiencies that got in the way of good patient care.

However, digital records also bring about another problem: data breaches and attacks from internal sources. Most of the unauthorized access come from billing specialists, nurses, doctors and administrators who do have legitimate access, but use the access for financial gain, revenge or just because they are curious. Of the 450 breaches in 2016, only 120 of them were from outside hacking.


In some cases, outside hackers get into a hospital's system and encode all of the files. The hospital cannot operate since they do not have access to important patient records. In cases such as this, EHRs become burdensome. Hospitals may also keep paper records, so that should their digital records system becomes compromised, they can still continue on with patient care since they have the paper records.

However, what do you do with all of those paper records once you are no longer obligated to keep them? Since those records contain confidential patient information, they should be professionally shredded. Carolina Shred is able to shred old patient records and notes. And, if you need to upgrade your computer systems, we also shred hard disc drives and other digital storage mediums including CDs and DVDs.

Carolina Shred also shreds x-rays and other film-based records. If you don't have a shredding solution for patient records, whether they are films, digital records or paper records, .