It is a known fact that hackers target the healthcare sector because the data is so valuable. The average cost of a healthcare data breach increased from $7.13M in 2020 to $9.23M in 2021. The average breach cost was $1.07M higher for organizations where remote work was a factor. Organizations in the U.S. have lost $2.4B to business email scams, and cybercrime has been estimated to cost more than $6T worldwide.
So, how do hackers get in and what can you do to protect yourself?
Remember, there isn’t ONE magic setting to protect you from all threats; it takes layers of security!
Organizations must have solid network security in place. Firewalls are a necessity in today’s world. You can set specific rules to ensure employees can reach the sites and services they need and block the ones they do not. You can also set security policies that block traffic to and from other countries.
Utilizing real-time anti-virus and anti-malware software also helps. It won’t help when an employee clicks on a link or picks up malware on the internet unless the system alerts the user BEFORE they click! For example, if an employee is surfing the web (and no, they should not surf on a work computer) and visits a website that has been infected, your anti-virus / anti-malware software should alert them with a warning.
Although brute-force attacks do happen, most hackers get in through a phishing attempt. Often, an employee makes a simple mistake like clicking on a link or an attachment in an email. Even though I talk about this ALL the time and say NEVER do this…people still do.
Email scammers use several ways to trick employees into giving up access or information, including getting employees to send wire transfers, send a list of employees’ Social Security numbers, or make purchases they are not aware of. Alan Suderman at Fortune cited a case where thieves hacked the email account of the organization’s bookkeeper, inserted themselves into a long email thread, sent messages asking to change the wire payment instructions for a grant recipient, and made off with $650,000.
You think this can’t happen to you, but I know of a practice where someone hacked an email account and changed the bank information for payments from an insurance carrier; they lost about $100K.
I know of a company where the CEO’s email was hacked and being monitored. Once the scammers knew who they talked to on the phone and who they did not, the call came in to make a $65K wire transfer. POOF! Just like that, $65K was gone.
YES, THIS HAPPENS! Keep in mind: if the caller or the email is asking for private information or money, verify BEFORE releasing it.
• Unless you are expecting an email from someone, DO NOT CLICK!
• If you get an email from someone you know and were not expecting it, pick up the phone and call them!
• If there is a link, do not click it; open a web browser and log in to your account from there.
• If it is URGENT and requires you to act immediately, it is more than likely a hacker/spammer.
• If it says your credit card has been charged for something you didn’t buy, call your card company or your bank using the number on the back of your card; do not call the number in the email or in the voice mail.
• If they have all your information except the code on the back of the card and ask you to “verify” the card by giving them that number, DO NOT.
• Government, state, and local authorities will not call you and demand payment immediately. Ignore these completely.
• Again, if money or personal information is involved, VERIFY!
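One of the checks above, the link that does not go where its text says, can be automated. The following is an added example (not code from the post or from the vendor’s platform) that scans a constructed HTML email for a visible link whose displayed domain differs from the domain in its href, and for the urgency wording the post warns about. The keyword list and the sample message are assumptions made for the example.

```python
"""Added example: flag two phishing indicators in an HTML email body.

1. A link whose visible text names one domain but whose href points
   to a different host (display/target mismatch).
2. Urgency language pressuring the reader to act immediately.
The sample email and keyword list below are constructed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of pressure phrases; tune for your own mail stream.
URGENCY_WORDS = ("urgent", "immediately", "act now", "suspended", "within 24 hours")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-cased hostname of a URL or bare domain string ('' if none)."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def find_indicators(html_body):
    """Return human-readable findings for one email body (empty list = none)."""
    findings = []
    collector = _LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        shown = _host(text) if "." in text else ""   # only if text looks like a domain
        actual = _host(href)
        # Allow a subdomain of the displayed domain (mail.example.com for example.com).
        if shown and actual and shown != actual and not actual.endswith("." + shown):
            findings.append(f"link text shows {shown} but points to {actual}")
    lowered = html_body.lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample: a lookalike link plus pressure wording.
SAMPLE_PHISH = (
    '<p>Your account will be suspended. Act now: '
    '<a href="http://login.example-portal.net/verify">https://www.mybank.example.com</a></p>'
)

# Constructed sample that should produce no findings.
SAMPLE_CLEAN = '<p>Monthly statement: <a href="https://mail.example.com/stmt">example.com</a></p>'

if __name__ == "__main__":
    for label, body in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(label, find_indicators(body))
```

Run the file to see the findings for both samples. The mismatch check only fires when the visible text itself looks like a domain; a link reading “click here” is not flagged on that basis, which is exactly why the post’s advice is to open the site yourself rather than trust any link.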
Scammers share their success stories with other scammers, while ransomware hackers will hit you again if you pay. There is no honor among thieves.
Organizations of all sizes need to be on high alert, from large hospitals to small single-provider practices. I have used this analogy before: the World Wide Web is the modern version of the Wild Wild West. The biggest difference is you can’t see the bad guys coming into town to prepare. You must prepare for the unknown and the unseen.
There are companies that offer phishing training and then send simulated phishing emails to see whether your employees take the bait. This has been a success at most companies. Educating your staff is JOB ONE! They can be your best ally or your weakest link. You can build a fortress around your data, and one click can bring it down.
Continuous security awareness training is vital in your fight against these bad actors. Organizations must teach employees to be watchful for phishing attacks and to stop them by simply not engaging with suspicious emails or websites.
To find out more about how our automated HIPAA compliance platform can help your organization click here:
Or to schedule a demo click the contact us tab and scroll down.
“Simplifying HIPAA through Automation, Education, and Support”