Medical record holders that have a data breach are required to report the
incident to the Department of Health and Human Services. *USA Today* has a
database of breaches from 2009-2022, searchable by provider name:
The scope of the problem is enormous. Every single health care entity I've
ever been involved with larger than an independent doctor's office has had
at least one breach.
On Tue, Feb 21, 2023 at 3:38 PM McDonald, Stephen <[log in to unmask]>
> I was hoping that someone with better knowledge than I would respond
> first, but I don't see anything yet.
> Charles, I don't happen to know of any analysis or comparison of the
> vulnerabilities of health portals. Hopefully someone else can provide
> You should be aware that there is a huge difference between hackers trying
> to get steal personal information and hackers using ransomware. As a
> general rule, ransomware attackers do not have and are not trying to get
> personal information. All they want is to lock you our of your computer
> until you pay them to regain access. Ransomware simply encrypts everything
> on the computer, making it impossible to access anything until right code
> is sent to the ransomware to decrypt it again. Sometimes all it takes is
> to click on the wrong link or opening an infected attachment to
> unintentionally install ransomware software and lock your system up.
> Breaking into databases to steal personal information is a much more
> involved and directed attack.
> That said, both hospitals and libraries have been the victims of hackers,
> both from ransomware and from database attacks to gain personal
> information. Library vendors have also been victims. Literally every
> computer on the planet is vulnerable to one degree or another unless they
> are disconnected from the network. Hackers have attacked everything from
> the Pentagon to the personal laptops of middle-schoolers. There is lots of
> good advice on the web on protecting computers against ransomware and other
> Steve McDonald
> [log in to unmask]
> -----Original Message-----
> From: Code for Libraries <[log in to unmask]> On Behalf Of charles
> Sent: Monday, February 20, 2023 10:31 PM
> To: [log in to unmask]
> Subject: [External] [CODE4LIB] Medical Records Portals - Hacking
> My esteemed listmates,
> Has anyone found reliable analysis and risk factoring of the
> vulnerabilities of health care (medical) portals?
> Health care professionals from doctor offices to hospitals all insist
> patients subscribe to their health care portal.
> That raises the question of how difficult is it for hackers to access your
> medical records?
> We’ve seen in the news how county governments have had to pay for the
> ransomware holding their operational software hostage.
> Is it such a stretch those nefarious characters could also hack our
> medical records and hold hospitals hostage?
> They could, conceivably, do the same with library materials patrons have
> checked out holding the county hostage for that info.
> Thank you.
> Charles Meyer
> Charlotte County Public Library
> Caution: This message originated from outside of the Tufts University
> organization. Please exercise caution when clicking links or opening
> attachments. When in doubt, email the TTS Service Desk at [log in to unmask]
> <mailto:[log in to unmask]> or call them directly at 617-627-3376.
Boston College Libraries
[log in to unmask]