The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) recently issued a report entitled “Electronic Medical Records in Healthcare” that discussed security risks applicable to electronic medical records (EMRs) and electronic health records (EHRs). EHRs and EMRs are prime targets for cyber attackers because protected health information (PHI) can be sold on the dark web or black market.

EHRs and EMRs are vulnerable to external security risks, including phishing attacks and ransomware, as well as insider threats and user error. HC3 urged healthcare entities to take common-sense steps including educating employees, verifying external requests for data before sending it, and encrypting data to be transferred to external cloud applications.

Organizations should also implement cyber incident response plans in case of attack. The report recommended that “healthcare leaders shift their focus by moving beyond a prevention strategy and creating a proactive preparedness plan.”