Organizations that have discovered the value of electronic health records (EHR) are learning—sometimes the hard way—that the security of those records is important, too.

As it turns out, with all the value EHR provides to a company, it provides a lot of value to hackers as well. For example, while the going price for a “hot” credit card number on the black market is about $5, a “hot” medical record goes for about $50, according to Arthur Allen in Politico.

Healthcare records are so valuable because they can’t be turned off as easily as credit cards, reports CBS News. “If you lose your credit card, we all know you call ‘1-800 I lost my card’ and they turn your card off,” Dr. Robert Wah, president of the American Medical Association and chief medical officer at CSC, a healthcare technology company, said on a recent broadcast. “There is no ‘1-800 I lost my health record’ and you can’t turn off all that rich information that’s in your health record.”

Consequently, like robbers who target banks because that’s where the money is, hackers are targeting health records. And as with security in general, studies are finding that criminals, rather than accidents or disgruntled insiders, are now becoming the primary source for healthcare data loss.

“45 percent of all data breaches in healthcare are due to criminal activity such as cybercriminal and nation-state hacks, malicious insiders, and physical theft, a 125 percent increase in such activity over the past five years,” writes Kelly Jackson Higgins in Dark Reading, citing a recent Ponemon Institute study.

Major insurers such as Anthem, Premera, and CareFirst BlueCross BlueShield, as well as the Community Health Systems hospital chain, have been hacked in the past year, compromising about 95 million patient records, writes Allen.

Stealing personal health information (PHI) means that people can use someone else’s identification, insurance policy, and more to buy medical care for themselves, or to file false claims for reimbursement. “Medical identity theft increased by a whopping 21.7 percent in 2014,” writes Sara Peters in Dark Reading, citing a different Ponemon Institute study.

“Crooks use medical records for identity theft, medical insurance fraud and plain old financial thievery,” Allen writes. The people whose PHI gets stolen then get dinged for the bill, or the medical provider gets stuck with it. 65 percent of the victims had to pay an average of $13,450 each to resolve the issue, the study found. Some people also lost career opportunities and even their jobs, Peters adds.

But the problem with stolen PHI goes beyond mere money. People can find incorrect information in their health records that can end up causing them problems down the line.

“The majority of people still don’t understand the serious risk of medical identity theft,” writes Rick Kam of ID Experts, a healthcare security consulting firm, in Healthcare IT News. “They don’t understand that while a credit card can be quickly and easily replaced, their medical identity can take years to be restored. When their records become polluted, patients can be misdiagnosed, mistreated, denied much needed medical services, or billed for services not rendered. Medical identity theft can literally kill you.”

Other Politico findings include:

  • Each hacked record could cost a company around $20 in legal costs and credit protection.
  • Hacks already cost the healthcare industry about $6 billion a year.
  • An estimated $2 billion worth of health-related cyber insurance was sold last year, and the market is growing at 20 to 25 percent a year.

Despite all the thefts in the past year and resulting costs, some CIOs say they have trouble convincing management that EHR security is needed. In addition, some healthcare organizations say they can’t afford to implement the kind of security they need.

Experts cited by Allen said healthcare companies should be spending at least 10 percent of their information technology budgets on security, while companies that are just getting started should be spending up to 40 percent. But the industry average is about 3 percent, he writes, leading to expenses such as the high cost of insurance.

Moreover, losing customers’ EHR can result in losing them as customers as well, Peters warns. “Healthcare providers should take note, because about half of respondents said they would change providers if they had their records stolen, and 80 percent wanted to be reimbursed for the money spent to mitigate the damage,” she writes.

What can organizations implementing EHR do to make sure the records are protected?

The value that EHR provides is too important to give up. Give it the protection that it’s worth.


Simplicity 2.0 is where we examine the intricate and transitory world of technology—through a Laserfiche lens. By keeping an eye on larger trends, we aim to make software that’s relevant to modern day workers, rather than build technology for technology’s sake.

Subscribe to Simplicity 2.0 and follow us on Twitter. If what we’re saying piques your interest, head over to Laserfiche.com where you’ll see how we apply the lessons learned on Simplicity 2.0 to our own processes, products and industry.

Machine Learning

Learn how machine learning can be the driving force for digital transformation in your organization.

Listen Now

Related Articles

By Sharon Fisher, November 16, 2017

Digital transformation and artificial intelligence? As it turns out, they're two great tastes that taste great together. Here's how they help your company.

Read More

By Sharon Fisher, November 02, 2017

Customer experience includes the “journey,” the path customers take to interact with a firm. Digital transformation lets you streamline this journey.

Read More

By Sharon Fisher, October 19, 2017

Nearly everyone will tell you that to be successful in business, you need to be innovative. But what does being innovative really mean?

Read More