- EHR vulnerabilities can be exploited to gain control of application or access to data for modification or retrieval
- EHR applications have vulnerabilities consistent with other complex applications
- Application vulnerabilities have long lives
- EHR vulnerabilities are not disclosed to customers of these systems
- Commercial EHR systems are vulnerable to exploitation given existing industry development and disclosure practices
- Security software effectively reduced time of exposure
- No organization could be identified that has responsibility, charter or mission to address security vulnerabilities in eHealth applications
This is a space worth watching for future developments.
For an overview of the report read Nancy Ferris' article titled Hacking into e-health records is too easy, group says.