Threats to electronic medical systems come in multiple forms. One of the most common cyber security risks to all computer users is the email-related breach, since an email account could give an intruder access to a vast wealth of private information. According to the Evansville Courier Press, a hospital in Evansville, Indiana, was the victim of an employee email breach that may affect thousands of patients.
The facility in question, St. Mary's Medical Center, has attempted to help the possible victims of this breach by providing free identity protection services and sending letters warning of the consequences. The source says that about 4,400 individuals received the letters, and that some of the vulnerable data included Protected Health Information (PHI) like Social Security Numbers and date of birth.
This news comes around the same time as a report from the security company Agari, which claims that healthcare is in the bottom ranks for protection when it comes to email security. Combing through billions of emails, this company found that healthcare entities were likely to rank low for email security protocols.
In a Forbes article on the study, the CEO of Agari, Patrick Peterson, put these findings in the context of the recent Anthem insurance breach, in which email was part of the cause.
"Email was used to get in, and they sent emails to all the Anthem users," he said. When speaking about healthcare's inability to handle email security in general, Peterson said "It's just not how these companies were built and programmed. It's not their culture and the world they live in."
Dedicating more resources and time to avoiding HIPAA violations could help health providers work on their own records and make common communication practices like email less dangerous.