Mitigating the consequences of electronic health record data breaches for patients and healthcare workers

Electronic health records (EHRs) have been widely adopted in Australian public sector healthcare and will remain an ongoing, essential data system. However, recent substantial data breaches from hacked business data systems in Australian enterprises, as well as international healthcare providers, mean that EHR data breaches are increasingly likely in Australia. Risks include medical identity theft and extortion attempts based on threats to release sensitive patient information. Hacking is now a foreseeable additional risk of medical treatment. Risk mitigation for the consequences of data breaches needs to be considered, as well as support for patients (and families) and healthcare workers. This includes identity theft protection services, cybersecurity insurance, and psychological support. What is known about this topic? Electronic health records, in common with business and healthcare data systems, are vulnerable to data breaches and have been recently targeted in Australia and internationally. What does this paper add? Electronic health records present particular cybersecurity data breach risks for patients and healthcare workers through the release of confidential information, identity theft, and associated psychological distress. What are the implications for practitioners? Electronic health record platforms need legislative regulation and personalised provision of support to patients and healthcare workers to mitigate the consequences of inevitable data breaches.