The recent attacks on Blue Cross of Idaho and Palmetto Health spotlight the importance for healthcare entities to diligently safeguard all data, says former healthcare CISO Mark Johnson of the consultancy LBMC Information Security.
The attacks “underscore for me that the healthcare industry needs to protect the entire environment, not just their large systems like the EMR,” he says. “Anything that connects to a network needs to be secure. This novel approach of redirecting funds is just another example of the need to protect everything, from the EMR, to medical devices to physician portals.”
Still, data contained in EMRs is also at great risk of being used for financial crimes if they’re breached, he notes. “If you think about the data in a medical record, i.e. name, data of birth, Social Security numbers, address, etc., this would be a natural place for hackers to get that information to do all kinds of things, including tax fraud,” he says.