Are death records and the EDRS system susceptible to hacking and what are the implications. This in an age where every day hacking of sophisticated encrypted government servers have seen the personal details of around 21 million individuals compromised. So could death records be manipulated and could an individual be legally declared deceased in order to misappropriate their identity.
The process of death records takes in many bodies involving medical staff, local and state government, office of the chief medical examiner, funeral homes and long term care facilities. Death records can be accessed by funeral homes in the EDRS (Electronic Death Registration System) after certification by a medical examiner of physician. Funeral directors then work with the local board of health and are responsible for the personal data of the deceased.
Funeral homes can create the death record or access the death record in the VIP Electronic Death Registration System (EDRS) after the certifying physician or medical examiner creates the record. Funeral directors are also required to explain what happened to the remains. However what if one of those within the chain could be hijacked and an individual could be declared dead either for profit or malice.
A hacker in Australia has been exploring flaws within the death industry for over a year. He admits that he was further prompted when a hospital in Australia forwarded 200 death certificates instead of discharge notices. Following this it was noted that almost all countries in the West have taken the decision to embrace online systems.
Most states within the U.S. use the EDR system. Implementing EDR can go a long way to virtually eliminating errors in death reporting. The Social Security Administration has been calling for the switch to the EDRS since 2002. EDRS is much more reliable and accurate than the manual process as state officials verify social security numbers and names to government records prior to issue of a death certificate.
However the worry is that individuals may well be able to hack in to the EDR framework by usurping the identities of those professionals involved in the chain. It appears that a physicians name, medical practices and license numbers are freely available online and that death records could be compromised. The concern remains that anyone can access legitimate information of medical professionals and combine a burner phone and an anonymous email address for the submission of fraudulent applications in order to access the EDR system.