Back to Blog

What does the U.K. health record hack mean for eHealth security?

What does the U.K. health record hack mean for eHealth security?
15 June 2017

What if someone gets a hold of your banking information? What if your account passwords are stolen? These are worries that plague every person who has ever had their information online — they are also relevant to the world of Electronic Health Records(EHR).

EHR might not be something that the average person uses on a daily basis, however, it is as important as our banking information or any social media account. EHR systems contain information that is more sensitive than much of our daily data and it can be dangerous if it falls into the wrong hands.

An American abroad, who might have been in an accident, can’t wait for their health information to be found, scanned, and emailed over to the emergency room. With EHR systems, doctors have immediate access to health information, and that can be the difference between losing a limb or losing a life.

Now imagine if that information was not available. That is exactly what happened recently during the hospital hacks in UK. According to reports, “the malicious software locked British hospitals out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met”.

This has led to people wondering whether EHR is a good idea, if it’s safe. But, what needs to be stressed is that what happened in the U.K. hospitals was not a regular hack. Most intelligence agencies have come out saying that the technology used to break into the hospital system was stolen NSA equipment – which then sent out phishing scam emails.

You might wonder why such a sophisticated NSA software was used to hack into EHR data…  Health data is 50 times more valuable than average data in the black market – hackers use it for a multitude of forms of identity fraud.

What can be done to keep EHR data safe?

Protection protocols should address two, distinct components: system and users.  While most of the EHR systems are compliant to latest safety and security protocols, the weakness usually lies with the user. Most users and practices seem to believe that once they buy a secure compliant system, they are safe.

No system is a 100% secure, but there are a few things we, as users, could change to lower the risk of an attack.

  1. Users – be they medical staff or IT experts – should understand the importance of strong passwords and their rotation.
  2. Each person should only have access to the resources they need to perform his or her duties.
  3. EHR systems, including any operating system security patches, should be kept up to date.

Avoid using same systems for personal business, and avoid clicking or opening suspicious links.

Data security is a big issue in every industry, but good service providers can help lead the way.  


A secure system vendor improves on the industry’s acceptable’ security standards and compliance procedures like continuous backups and data replication, with storage in separate geographical locations in case of a disaster.  A quality vendor will ensure that they have state of the art intrusion detection, including artificial intelligence and machine learning – and it goes without saying that data is encrypted in transit and at rest.

Regardless of data security risks, EHR systems and Electronic Medical Records (EMR) are still the safest way to transfer information.

EHR and EMR are far superior to the old method of having physical copies. Why? Because we live in a globalized age, in a world where everything is connected. Healthcare coordination becomes critical and time saves lives – integration with a networked healthcare ecosystem is critical.

This networking imperative destroys the argument many providers give for being “off the grid.”  Several practices and institutions believe that having an “onsite system” is more secure than being on the cloud. This is like saying that your life savings is more safer under a mattress then it is in a bank.

While unfortunate, the U.K. hack brought attention to the importance of data privacy in all aspects of healthcare – including EHR – and it elevated the privacy conversation worldwide. As health systems managers become more aware of the risks, it is even more important that EHR providers analyze their own systems and invest in educating their customers.

In the end, it makes these eHealth solutions more integrative and better for everyone, from the patient to the doctor to the healthcare IT experts.