Right now a lot of medical transcription work is sent overseas to take advantage of low cost out sourcing. A few years ago a woman in Pakistan threatened to publish medical records
from UCSF Medical Center on the internet unless she was paid a bit more.
While it's always possible that external intruders could get by the network security, the EHR's security, and figure out how to access and make sense of the proprietary data in the systems, the biggest threat is from people on the inside.
IAAHITC - I Am A Healthcare IT Consultant