By 
IT professionals in charge of supporting healthcare organizations are devoting more time to protect the integrity of their networks and defend against malware, spyware, viruses, worms and other threats to security. According to an article in Insurance Journal, cyberattacks against healthcare organizations have increased more than 200 percent over the past five years. The average cost of a hospital data breach has been estimated to be $2.1 million according the Ponemon Institute, a security research and consulting firm. Ponemon’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data indicates that 45% of data breaches are caused by criminals, surpassing insider breaches by employees for the first time. The ramifications from a failure to safeguard sensitive information can lead to a patient’s financial losses or identity theft. Other risks include financial losses for the organization, as well as intellectual property and reputation losses. Maintaining a constant state of vigilance makes it difficult to stay on top of threats and the countermeasures organizations need to implement to protect their networks.Establishing an Employee IT Policy
The following are five of the cyberattacks that healthcare organizations must protect themselves against.
1. Lost or Stolen Employee Devices
It has been stated that more than 80% of employed adults use their own devices for work. To that end, a lost or stolen device may allow hackers easy access to a healthcare organization’s network. To guard against data loss, acceptable use policies and best practices need to be clearly conveyed to employees. Devices should be locked when not in use to prevent casual theft and organizations should employ automatic lockout access to VPN networks. Separating personal and business data and contacts as well as enabling remote data wipe can prevent access to critical business data and accounts stored on the device. Most importantly, employees should be educated to understand what data is allowed to be stored locally and held responsible for following set policies.
2. Password Extraction from Unprotected Lists
Despite warnings from the IT department, employees still leave unencrypted lists of passwords on their desktop computers, laptops and portable flash drives, which could be easily penetrated by a malicious hacker. Employees also leaving passwords clearly visible on notes taped to their computer monitor leave healthcare organizations vulnerable to unauthorized visitors or malicious insiders.
3. Phishing
Phishing schemes, in which a cybercriminal will defraud users using such tactics as creating a fake version of a trusted website and then stealing their login details and credit card information. The best medicine against such an attack is to educate employees not to click on unknown or untrusted links or visit untrusted websites. Be on guard against phishing emails and text messages designed to trick employees into compromising their accounts and send alerts to warn of known dangers.
4. Spear Phishing
More sophisticated cyberattacks will employ spear phishing, with hackers creating fake emails that make it look as if they were sent to the recipients by an organization or someone they trust. As the criminal knows something about the identity of the recipient as well as the sender he’s impersonating, spear phishing attacks are more insidious because they can appear legitimate on first glance. To mitigate this risk to your organization, educate employees about their online presence, such as how much information is out there that could be pieced together about them and their employer. Have employees evaluate posts on social media that might reveal too much.
5. Whaling
In a whaling attack, would-be intruders focus their spear phishing efforts on an organization’s big fish—such as executives. These “whales” typically have access to highly valuable information and may not be technologically savvy enough to recognize their vulnerability to hacker tools such as viruses, malware and keystroke loggers. Cyber awareness and education is important even at the executive level of the organization.
Employing Proper Defenses
Healthcare is under attack because of the value of the data to the cybercriminals. Ponemon found that 90 percent of health-care providers were hit by breaches in the past two years with half of them criminal in nature. Now more than ever, healthcare organizations need to make sure that proper defenses have been installed to protect that data. It is imperative to protect against known and unknown attack methods. Work with trusted experts, like Resilient Intelligent Networks, who understand the unique challenges facing healthcare organizations and provide secured network design services. Resilient Intelligent Networks is systems integrator who works with best-in-class technology partners, such as Fortinet, to devise comprehensive network security solutions to mitigate a healthcare organizations risk from internal and external threats.
1. Lost or Stolen Employee Devices
It has been stated that more than 80% of employed adults use their own devices for work. To that end, a lost or stolen device may allow hackers easy access to a healthcare organization’s network. To guard against data loss, acceptable use policies and best practices need to be clearly conveyed to employees. Devices should be locked when not in use to prevent casual theft and organizations should employ automatic lockout access to VPN networks. Separating personal and business data and contacts as well as enabling remote data wipe can prevent access to critical business data and accounts stored on the device. Most importantly, employees should be educated to understand what data is allowed to be stored locally and held responsible for following set policies.
2. Password Extraction from Unprotected Lists
Despite warnings from the IT department, employees still leave unencrypted lists of passwords on their desktop computers, laptops and portable flash drives, which could be easily penetrated by a malicious hacker. Employees also leaving passwords clearly visible on notes taped to their computer monitor leave healthcare organizations vulnerable to unauthorized visitors or malicious insiders.
3. Phishing
Phishing schemes, in which a cybercriminal will defraud users using such tactics as creating a fake version of a trusted website and then stealing their login details and credit card information. The best medicine against such an attack is to educate employees not to click on unknown or untrusted links or visit untrusted websites. Be on guard against phishing emails and text messages designed to trick employees into compromising their accounts and send alerts to warn of known dangers.
4. Spear Phishing
More sophisticated cyberattacks will employ spear phishing, with hackers creating fake emails that make it look as if they were sent to the recipients by an organization or someone they trust. As the criminal knows something about the identity of the recipient as well as the sender he’s impersonating, spear phishing attacks are more insidious because they can appear legitimate on first glance. To mitigate this risk to your organization, educate employees about their online presence, such as how much information is out there that could be pieced together about them and their employer. Have employees evaluate posts on social media that might reveal too much.
5. Whaling
In a whaling attack, would-be intruders focus their spear phishing efforts on an organization’s big fish—such as executives. These “whales” typically have access to highly valuable information and may not be technologically savvy enough to recognize their vulnerability to hacker tools such as viruses, malware and keystroke loggers. Cyber awareness and education is important even at the executive level of the organization.
Employing Proper Defenses
Healthcare is under attack because of the value of the data to the cybercriminals. Ponemon found that 90 percent of health-care providers were hit by breaches in the past two years with half of them criminal in nature. Now more than ever, healthcare organizations need to make sure that proper defenses have been installed to protect that data. It is imperative to protect against known and unknown attack methods. Work with trusted experts, like Resilient Intelligent Networks, who understand the unique challenges facing healthcare organizations and provide secured network design services. Resilient Intelligent Networks is systems integrator who works with best-in-class technology partners, such as Fortinet, to devise comprehensive network security solutions to mitigate a healthcare organizations risk from internal and external threats.
