Cybersecurity Awareness Month is wrapping up (believe it or not it’s almost Halloween, if you’ve lost track of the days this year like we have), but as the month ends the protections and measures you have in place to prevent a cyberattack should remain in full force.
Just a quick glance at our HIPAA news page shows a growing list of recent HIPAA enforcement efforts, many stemming from cyberattacks that could have been avoided. Couple that with growing cyber threats during COVID-19 and you have yourself a pretty good idea of why cybersecurity should stay top of mind for months to come. We know that the word ‘cybersecurity’ can be a little vague – and even daunting – so here’s a recap of the latest and greatest threats to watch out for:
- The Office for Civil Rights (OCR) has sent out several cyber alerts, one in particular highlighting the daily threat (4,000 attacks a day!) that ransomware poses to the healthcare sector. Ransomware literally holds your data for ransom – usually by encrypting the data and preventing access until the ransom is paid – and can make your essential healthcare data completely inaccessible unless you fork over the $$$. Along with the alert, the OCR included a Ransomware Guide and Fact Sheet to help practices understand and manage ransomware risks (specifically how a HIPAA compliance program can help!).
- Phishing has grown increasingly common (and no, we don’t mean the kind that happens out on a lake), specifically in the healthcare industry. In fact, 88% of healthcare workers reported having opened a phishing email before. The type of phishing to be on the lookout for (again, not talking about prize-winning trout) is email disguised as coming from a trusted source, but with some small error, and designed to trick the recipient into opening a link or downloading an attachment that paves the way for hackers to enter your systems.
Missing Key Technical Safeguards
Properly Mitigating Potential Threats
- More often than not, practices are aware of a potential cyber threat, yet don’t do anything to stop it. Having audit controls in place to identify and address breaches, as well as taking the proper action when a threat is identified, is essential to stopping an attack early and staying on the OCR’s good side.
- Training, training, training – we can’t say this enough! Negligent breaches happen twice as often as malicious ones, and proper employee education is a huge factor. While it’s already required under HIPAA to do annual staff training, we recommend sharing cyber best practices regularly and always staying in the know. Pro tip: Abyde’s HIPAA staff training includes common cyberthreats to watch out for and how to avoid them.
Not convinced cybersecurity is important? Just look at the data:
- In February 2020 alone, 1,531,855 records were exposed in healthcare data breaches.
- 82% of healthcare orgs agree that digital security is one of their foremost concerns.
- Insiders are responsible for 59% of all healthcare security incidents and data breaches.
- Only 44% of healthcare organizations meet cybersecurity standards.
We can probably agree that unless you put your practice in a bubble, there really is no such thing as being 100% protected from every cyberthreat out there. Since totally cutting off your patients’ sensitive information is impossible, the next best thing is to have all the necessary technical safeguards and be aware of how to properly handle a threat.