July 2016 www.SecurityInfoWatch.com / Security Dealer & Integrator 27
ing information like Social Security
numbers to detailed Electronic Med-
ical Records (EMR). "In healthcare,
the value of the information is just so
high; in fact, EMR are worth 8 to 10
times the value of credit card informa-
tion," Warren explains.
"Your Electronic Medical Record
never expires and can't be canceled,"
Warren adds. "If you steal my credit
card number, you are only going to
use it until I find out about it; Elec-
tronic Medical Records are used over
the course of an entire lifetime."
ieves can use PHI in so many
different ways. According to War-
ren, they can use it to get drugs under
a person's name and diagnosis, and
then resell those drugs. ey can use
it to buy medical equipment that is
then resold. ey can use it to get free
healthcare — if someone might need
surgery and doesn't have insurance,
the criminal can sell the EMR to that
person, who then uses it to get the
procedure on someone else's insur-
ance. "e the of laptops containing
unencrypted medical records is an
ongoing problem and one of the top
categories of HIPAA disclosures to
DHHS," says Tim McElwee, President
of Proficio, a managed IT security ser-
vices provider.
While the traditional security inte-
grator may not be the initial go-to
The long-term damage
that can result from a data
breach in healthcare can be just
as debilitating financially as an
active shooter can be to a facility,"
— Bryan Warren, Director of Corporate Security,
Carolinas Healthcare System