Recently Reported Healthcare Cyber Attacks
A recent blog post in HealthITSecurity lists three recent healthcare cyber attacks. It's important to read the information and see how smaller practices are being compromised and the work they are doing to remediate and report the incident. Remember these simple things to help protect yourself and your organization:
- Training, training, education, education, awareness, awareness. Ensure you and your organization integrate some type of ongoing cyber security awareness education into your operations. Articles, blog posts, an intranet, etc. Figure out a way to consistently get the word out and increase the awareness of your entire team.
- Remind people not to open emails that seem suspicious in any way. If it doesn't look like something someone would say, is odd in any way, seems weird, or feels weird, then it likely is weird. Regardless of all the technology in place, it's still possible for scam emails to make it through.
- Watch the places you go on the web. Keep your web filters tight, and reconsider allowing access to social media accounts on work computers. More and more hackers are taking to Facebook, LinkedIn, etc., to create scams via messenger apps and posts. If you want to allow people to use social media, we recommend giving them access to your isolated guest network on their mobile devices. We realize there are valid reasons for access to social media, especially for sales, marketing and research, but that access can be limited, and those people should be trained and updated consistently on best practices and maintaining security.
- DO NOT allow foreign devices on your network. This includes employees' and owners' personal computers and mobile devices (unless the company is securing them with the same tools) AND those of partners such as third-party accountants, lawyers, and other vendors. These should be restricted to the guest network to ensure that they cannot access any corporate data. It is also important to provide some type of splash screen when accessing the guest network that protects and indemnifies your business from anything that may happen while on that network. If multiple people are on that network and have viruses, malware, etc., the possibility exists for them to infect each other, which could come back to haunt you.
Security is inconvenient, but not nearly as inconvenient as the ramifications of an incident and/or breach.