While phishing seems like an outdated mode of hacking, the truth is that it’s a very real threat to the healthcare industry. In early July, hackers were able to breach networks of Reliable Respiratory of Norwood, Mass., via a phishing campaign that potentially exposed at least 15 different types of protected health information. Oregon-based provider Legacy Health revealed to some 38,000 patients in August that a phishing attack in May possibly exposed personal health information. With these threats on the rise and breaches proving costly for healthcare organizations, how can healthcare organizations best prevent phishing attacks?
Audit the Current Cybersecurity Environment
Emerging technology like mobile and Internet of Things devices as well as legacy devices carry their own threats. Owing to this, companies should conduct a thorough and ongoing assessment of their vulnerabilities. To stay ahead of traditional protections that organizations deploy, cybercriminals are adept at modifying their malware and methods, as seen by the rise in infections and sophistication of attacks in 2017. It is thus important for companies to be aware of the threats, keep up-to-date with patches, and use defences that protect against constantly evolving malware.
A major challenge while safeguarding patient data is to keep sensitive information cordoned off from the rest of the network, making it more difficult for cyberattackers to reach it. This is where segmentation comes into the picture. It employs firewalls, routers and other tools to restrict access to parts of a network and provide an added layer of security to PHI.
Train End Users
According to Verizon’s 2018 Data Breach Investigations Report, healthcare is the only industry where insider threats prove greater than those from outside an organization. Training employees to spot and report suspicious email activity is vital to prevent accidental exposure from insiders.