I was hoping that someone with better knowledge than I would respond first, but I don't see anything yet.

Charles, I don't happen to know of any analysis or comparison of the vulnerabilities of health portals.  Hopefully someone else can provide something.

You should be aware that there is a huge difference between hackers trying to get steal personal information and hackers using ransomware.  As a general rule, ransomware attackers do not have and are not trying to get personal information.  All they want is to lock you our of your computer until you pay them to regain access.  Ransomware simply encrypts everything on the computer, making it impossible to access anything until right code is sent to the ransomware to decrypt it again.  Sometimes all it takes is to click on the wrong link or opening an infected attachment to unintentionally install ransomware software and lock your system up.  Breaking into databases to steal personal information is a much more involved and directed attack.

That said, both hospitals and libraries have been the victims of hackers, both from ransomware and from database attacks to gain personal information.  Library vendors have also been victims.  Literally every computer on the planet is vulnerable to one degree or another unless they are disconnected from the network.  Hackers have attacked everything from the Pentagon to the personal laptops of middle-schoolers.  There is lots of good advice on the web on protecting computers against ransomware and other hackers.

					Steve McDonald
					[log in to unmask]

-----Original Message-----
From: Code for Libraries <[log in to unmask]> On Behalf Of charles meyer
Sent: Monday, February 20, 2023 10:31 PM
To: [log in to unmask]
Subject: [External] [CODE4LIB] Medical Records Portals - Hacking

My esteemed listmates,

Has anyone found reliable analysis and risk factoring of the vulnerabilities of health care (medical) portals?

Health care professionals from doctor offices to hospitals all insist patients subscribe to their health care portal.

That raises the question of how difficult is it for hackers to access your medical records?

We’ve seen in the news how county governments have had to pay for the ransomware holding their operational software hostage.

Is it such a stretch those nefarious characters could also hack our medical records and hold hospitals hostage?

They could, conceivably, do the same with library materials patrons have checked out holding the county hostage for that info.

Thank you.


Charles Meyer

Charlotte County Public Library

Caution: This message originated from outside of the Tufts University organization. Please exercise caution when clicking links or opening attachments. When in doubt, email the TTS Service Desk at [log in to unmask]<mailto:[log in to unmask]> or call them directly at 617-627-3376.