HealthcareCISO

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center has issued a threat brief warning about the risks associated with electronic health record systems, which are often targeted by cyber threat actors.

Cyberattacks on EHRs can be extremely profitable for cyber threat actors. EHRs usually contain all the information required for multiple types of fraud, including names, addresses, dates of birth, Social Security numbers, other government and state ID numbers, health data, and health insurance information. No other records provide such a wide range of information. The information contained in the systems has a high value on the black market and can be easily sold to cybercriminals who specialize in identity theft, tax, and insurance fraud. Malware, and especially ransomware, pose a significant threat to EHRs. Ransomware can be used to encrypt EHR data to...