Cyber Thieves Continue Targeting Healthcare Groups
April 15, 2019 The NonProfit Times
Cyberattacks on healthcare organizations appear to be continuing apace. According to Healthcare Dive, the reasons are the treasure trove of detailed personal information on clients and patients, along with data security mistakes by staff.
In fact, more than half (53 percent) of breaches started inside the organizations, according to a study of 1,138 breaches between 2009 and 2017.
Phishing attacks were the leading cause of breaches, accounting for 37 percent across all industries, according to Healthcare Dive. Phishing is the attempt to obtain information such as usernames, passwords and credit card details by disguising online messaging as coming from a trusted source. The messages often will direct the target to a website that appears to be legitimate but is not.
After phishing comes network intrusion at 30 percent. Once that safety veil is pierced, the path goes through an Office 365 account and on to seeking out data, installing ransomware or getting into the wire transfer accounts.
And, if your system is breached and/or locked up, paying the ransom doesn’t ensure you can get back to work. Roughly 9 percent of the time that a ransom is paid, the organization does not get the key to unlock the ransomware.
The federal government requires that breaches of more than 500 records be reported to the U.S. Department of Health and Human Services Office for Civil Rights. There are six categories: hacking, improper disposal, loss, theft, unauthorized access or disclosure, and unknown.
Along with training, the best ways to prevent cyberattacks, according to First Republic Bank, include updating software with aggressive spam email filtering, antivirus software and financial malware detection software; creating a documented incident response plan; restricting privileges and using password protection; and pausing to investigate.
When it comes to pausing to investigate, according to First Republic Bank, questioning emails is a smart move. Question whether an executive would send that type of request, whether it’s a new payment, and whether the timing of the payments or requests has changed.