News | September 30, 2007

Study: Healthcare Industry Must do More to Protect EHRs

October 1, 2007 - The board of the eHealth Vulnerability Reporting Program recently reported the results of a fifteen-month study assessing the security risks associated with electronic health record (EHR) systems, evaluating current industry information security practices and assessing level of risk related to EHR systems, finding that commercial EHR systems are vulnerable to exploitation given existing industry development and disclosure practices.

In all cases, evaluated EHR system vulnerabilities could be identified using standard tools and techniques. Subsets of these vulnerabilities were exploited to gain control of the application and access to data to demonstrate the potential consequences. EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers, preventing organizations from appropriately managing risk or implementing compensating controls.

No industry organization could be identified that has established guidelines or practices to appropriately mitigate and manage risks associated with ehealth systems. Also, no industry organization could be identified that has the responsibility, charter or mission to address security vulnerabilities in ehealth systems.

The study was supported by various working groups, penetration testing resources and demonstration sites and was overseen by a board of advisors. The study included a survey of over 850 provider organizations and penetration testing of seven ehealth systems, including five CCHIT certified ambulatory EHR systems. The evaluation and testing was performed on EHR systems targeting small, medium and large practices. It was not intended to be representative of a specific EHR system, but to understand the type and severity of vulnerabilities, and practices and processes implemented by vendors and customers to mitigate security related issues.

For more information: www.ehvrp.org

Related Content

Study Points to Need for Performance Standards for EHR Usability and Safety
News | Electronic Medical Records (EMR) | July 18, 2018
A novel new study provides compelling evidence that the design, development and implementation of electronic health...
Drchrono EHR Partners With Ambra Health for Medical Imaging Access
News | Remote Viewing Systems | March 14, 2018
drchrono Inc. announced a new partnership with Ambra Health to give physicians and radiologists direct access to...
Cerner is extending its population health, clinical and administration portfolio with an integrated solution that combines Salesforce Health Cloud and Marketing Cloud with Cerner’s HealtheIntent, its big data platform.
News | Electronic Medical Records (EMR) | March 06, 2018
Cerner announced a new collaboration with Salesforce, a global leader in customer relationship management (CRM). Cerner...
electronic medical records
News | Electronic Medical Records (EMR) | June 15, 2017
During the first quarter of 2017, Black Book surveyed 140 chief information officers (CIOs), 159 chief financial...
News | PACS Accessories | April 25, 2017
April 25, 2017 — ImageMoverMD announced the availability of ImageMover Media, a universal, web-based solution to...
ECRI Institute, top 10 patient safety concerns, 2017 report, information technology, healthcare
News | Information Technology | March 24, 2017
Safe implementation of new technologies and therapies accompany classic patient safety challenges on ECRI Institute's “...
Logicalis Healthcare Solutions, Epic service desk, HIMSS17
News | Electronic Medical Records (EMR) | March 06, 2017
March 6, 2017 — Logicalis Healthcare Solutions announced in February a new service desk offering – Service Desk for E
HIMSS Leadership and Workforce Survey, HIMSS17, electronic medical records, EMR, health information technology
News | Electronic Medical Records (EMR) | February 21, 2017
A new study from the Healthcare Information and Management Systems Society (HIMSS), unveiled at the 2017 HIMSS...
Logicalis Healthcare Solutions, top five cybersecurity issues, CIOs, chief information officers, HIMSS17
News | Electronic Medical Records (EMR) | February 10, 2017
With the Healthcare Information and Management Systems Society’s annual meeting (HIMSS17) scheduled for Feb. 19-23 in...
Logicalis US, healthcare CIOs, enterprise imaging, value-based care, new white paper, seven tips
News | Enterprise Imaging | January 20, 2017
To help healthcare chief information officers (CIOs) examine the important role enterprise imaging plays in value-based...
Overlay Init