As the Obama administration pushes ahead with plans to increase the use of electronic medical records, two internal reports released Tuesday by the Department of Health and Human Services revealed "significant concerns" about security gaps in the system.
The Office of the Inspector General found "a lack of general [information technology] security controls during prior audits at Medicare contractors, State Medicaid agencies, and hospitals."
The investigation audited computer security at seven large hospitals in different states, and found 151 major vulnerabilities, including unencrypted wireless connections, easy passwords, and even a taped-over door lock on a room used for data storage. The auditors classified 124 of the breeches were "high impact" - resulting in costly losses, injury or death. According to the report, "outsiders or employees at some hospitals could have accessed, and at one of the seven hospitals did access, systems and beneficiaries' personal data."