Home The Real Story of Cloud-Based Health Record Security Breaches

The Real Story of Cloud-Based Health Record Security Breaches

Michael Koploy, an analyst with the excellent consultancy Software Advice, has put together this week some interesting data that shows the true story of security breaches concerning electronic medical records. He found that contrary to popular opinion, storing this information online makes this information no more insecure than, say, accessing your bank account. Many of the exploits had to do with common, unsexy things such as stealing paper records and laptops or hard drives from doctor’s offices containing patient information.

Koploy’s article is worth taking a closer look. The US Department of Health and Human Services is publishing all breaches that involve more than 500 people. There are close to 300 violations on its “wall of shame” that cover a wide variety of situations. To his surprise, most of the more egregious ones involve petty theft and carelessness:

  • 6,800 paper records that were supposedly mailed but never received;
  • An impostor posing as a recycling-service employee stealing over 1,300 individuals’ records and films; and,
  • A laptop stolen by a former employee that contained personal health records of over 50,000 patients.

Four thefts over 2009-2011 account for more than six million medical records being compromised, and each of these four have nothing to do with cloud-based systems being compromised. These four events together account for more than half of the records reported by HHS where patient data potentially was exposed.

When he drills down to find any cloud-based incidents, he could only find seven events involving electronic medical records, including one situation where a truckload of hard drives was lost in transit on their way to being destroyed. “All seven violations involved on-premise systems. Considering the flack cloud systems have received, in general, this is a great vindication for the cloud.” He states that paper records and physical security are still the weak links in any medical records system, not the cloud. “Web-based EMRs eliminate the most common security risks because there aren’t physical files to be compromised.”

This shows how sometimes it is worth taking a closer look at the data before jumping to any conclusions. “I bet more hackers want my credit card information than my HDL/LDL ratio.” (That’s cholesterol, not computing!)


About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.