Your EHR Is Your Most Valuable Asset. Treat It Like One.
Healthcare remains the most targeted industry for cyberattacks, and the primary target within healthcare organizations is the electronic health record system. EHR data is worth more on the black market than credit card numbers because it contains everything an identity thief needs: names, SSNs, dates of birth, insurance information, and medical histories that never expire.
A stolen credit card can be cancelled. A stolen medical identity is permanent.
Why EHR Data Is So Valuable
- Black market value: A complete health record sells for $250-1,000 on the dark web, compared to $5-10 for a credit card number
- Longevity: Medical data doesn't expire or get cancelled like financial credentials
- Versatility: Can be used for insurance fraud, prescription fraud, identity theft, tax fraud, and blackmail
- Completeness: One EHR record contains more personal information than any other single data source
Common EHR Security Gaps
Excessive User Access
Most EHR systems support role-based access, but many practices don't configure it. Every user has access to every patient record. A compromised account or a malicious insider can access the entire database.
Fix: Configure role-based access. Front desk sees demographics and scheduling. Clinical staff sees clinical records for their patients. Billing sees financial data. Nobody sees everything unless their role requires it.
Weak Authentication
Username and password only. Shared accounts. Generic logins like "frontdesk" or "nurse1." These practices make it impossible to track who accessed what and provide no defense against credential theft.
Fix: Individual accounts for every user. MFA for EHR access, especially remote access. Automatic session timeout after inactivity.
Unencrypted Data
EHR data stored on unencrypted servers, transmitted over unencrypted connections, or backed up to unencrypted media. A stolen server or intercepted transmission exposes everything.
Fix: Encryption at rest (database encryption, full disk encryption) and in transit (TLS for all connections). Encrypted backups.
Inadequate Audit Logging
HIPAA requires audit logs tracking who accessed what patient data and when. Many practices either don't enable audit logging or never review the logs. Without audit logs, you can't detect unauthorized access or demonstrate compliance.
Fix: Enable comprehensive audit logging. Review logs regularly (or use automated monitoring). Investigate anomalies: after-hours access, bulk record views, access to VIP patient records.
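As an added illustration (not code from any EHR vendor), the automated review described above can be sketched in a few lines of Python that flag the three anomalies named here: after-hours access, bulk record views, and access to VIP patient records. The CSV export format, the user and patient IDs, the business hours, the bulk threshold, and the VIP watch list are all assumptions made for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export: timestamp,user,patient_id,action (format is an assumption)
SAMPLE_LOG = """\
2024-03-04T09:15:00,jsmith,P1001,view
2024-03-04T23:40:00,mlee,P1002,view
2024-03-05T11:30:00,jsmith,P9001,view
2024-03-05T14:00:00,rpatel,P2001,view
2024-03-05T14:01:00,rpatel,P2002,view
2024-03-05T14:02:00,rpatel,P2003,view
2024-03-05T14:03:00,rpatel,P2004,view
2024-03-05T14:04:00,rpatel,P2005,view
2024-03-05T15:10:00,rpatel,P2005,view
"""

BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 local time, Mon-Fri
BULK_THRESHOLD = 5             # assumption: distinct patients per user per clock hour
VIP_PATIENTS = {"P9001"}       # assumption: watch list maintained by the practice


def find_anomalies(log_text):
    """Return a sorted list of (rule, user, detail) findings."""
    findings = set()
    patients_per_hour = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if not row:  # tolerate blank lines in the export
            continue
        ts, user, patient, _action = row
        when = datetime.fromisoformat(ts)
        if when.hour not in BUSINESS_HOURS or when.weekday() >= 5:
            findings.add(("after_hours", user, ts))
        if patient in VIP_PATIENTS:
            findings.add(("vip_access", user, f"{patient} at {ts}"))
        patients_per_hour[(user, when.strftime("%Y-%m-%dT%H"))].add(patient)
    for (user, hour), patients in patients_per_hour.items():
        if len(patients) >= BULK_THRESHOLD:
            findings.add(("bulk_views", user, f"{len(patients)} patients in hour {hour}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

Findings like these only identify a person when every user has an individual account; with shared logins the "user" column cannot be tied to anyone.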
EHR-Specific Best Practices
- Patch your EHR software promptly. EHR vendors release security updates. Apply them within 30 days.
- Secure the database. Whether your EHR uses SQL Server, MySQL, or a proprietary database, harden it: change default credentials, restrict network access, enable encryption.
- Back up the EHR separately. Your EHR backup should be tested independently. Verify you can restore the database and that patient data is intact.
- Plan for EHR downtime. What happens when the EHR is unavailable? Have paper-based fallback procedures documented and practiced.
- Include EHR in your risk assessment. Your HIPAA risk assessment should specifically address EHR security controls, vulnerabilities, and threats.
Your EHR is the most valuable data asset in your practice. Secure it accordingly.