The Rising Threats to EHR Data Integrity

Evolving ransomware attacks pose a growing threat to the integrity of electronic health records, says Michael Hamilton, CISO at the security firm CI Security, who calls for heightened attention to EHR security.

If attackers alter patients' records, that could have a greater impact on patient care than the unauthorized disclosure of records, says Hamilton, the former CISO of the city of Seattle.

When healthcare entities, such as San Diego-based Scripps Health, are hit by ransomware and temporarily lose access to their EHR systems, organizations "want their records back, but they want to make sure those records haven't been changed," he says in an interview with Information Security Media Group. "If patient care is going to be impacted by records you can't trust, that's a problem."

Hamilton says the issue of records integrity could be "way more important" than other issues, such as privacy violations. "But I don't know that we're really focusing on it."

In the interview (see audio link below photo), Hamilton also discusses:

• Steps healthcare entities could take to bolster protection of EHR data integrity;
• Likely reasons why the full recovery by Scripps Health from its May 1 malware attack - which has been widely reported to have involved ransomware - has taken so long;
• Why the federal government needs to step up protection of the nation's critical infrastructure - including the healthcare sector - by treating cyberattackers as "terrorists, not criminals."

Hamilton, who is CISO at security firm CI Security, has more than 30 years of experience in information security. He's the former CISO for the city of Seattle and former vice chair of the Department of Homeland Security's State, Local, Tribal, and Territorial Government Coordinating Council. Hamilton also recently served as a policy adviser for the state of Washington Office of the CIO.