Cloud Casualties & Your EHR Software

Over the past several years, I’ve discussed:

And now comes an attack on a hosting company. The hosting company could have been ANY hosting company. And the data on their servers could be ANY data – your patient data perhaps. The attack wiped out everything – including all the backups. So, if it was your patient data, stored by EHR software on that hosting platform, you would have lost everything.

On June 17th, 2014, the DDoS (distributed denial of service) attack on Code Spaces wiped out their system along with all their backups and put them out of business. They had advertised that your data was safe because they had redundant systems spanning multiple geographic locations.

Regardless of the company you contract with for your patient data, realize that they in turn have contracted with a company to provide storage space in the “cloud.” A company that – no matter how safe they claim to be – can be targeted.

With ECLIPSE, where your data resides is up to you. And where your backups reside is determined by you as well. ECLIPSE-based practices often maintain backups at several locations, making it difficult or impossible for third parties to hold that data hostage. So, before you succumb to “Cloud fever” — please don’t assume you can leave all your worries behind. At the very least, use a third-party tool to create data backups that you can download on a regular basis.

Addendum (8/20/2014):

Since this article was posted, here are just two (of many) additional events that occurred in subsequent weeks…

  • According to various news sources, up to 35% of Practice Fusion customers (i.e. doctors & staff who use the Practice Fusion EHR) lost access for up to two days due to problems with a data center.
  • Community Health Systems, which operates 206 hospitals across the United States, announced on 8/18/2014 that hackers recently broke into its computers and stole data on 4.5 million patients. Anyone who received treatment from a network-owned hospital in the last five years — or was merely referred there by an outside doctor — is affected. The company’s hospitals operate in 28 states… and the lost personal information is protected by HIPAA. That means patients could sue the hospital network for damages.