As the healthcare industry evolved, it came to rely primarily on technology and digitalization. On one hand, operating systems are simplifying our processes, but on the other, they’re falling prey to cyber-attacks.
Since the start of the COVID-19 pandemic, the healthcare industry has seen a dramatic increase in the number of cyber attacks, especially against those working on the novel coronavirus response teams, as well as against the public at large.
Social engineering strategies that preyed upon fear over the virus began appearing in late January and have spread around us as quickly as the disease. Hackers typically pose as a trusted organization (banks, insurance companies, service providers, health informatics software and more) or individuals (alleged doctors, co-workers, managers, IT administrators and more). The volume of malicious emails has rocketed, according to Proofpoint, a cybersecurity company monitoring virus-related cybercrime.
Breaches in the healthcare system are particularly problematic because health information is sacred; it is among the most personal and private forms of information an individual can have. These institutions store large amounts of health data related to patients’ conditions, along with medical billing and insurance information, which are of high value on the black market and are often targeted by hackers.
Help your team fight cyber attacks
Even before the COVID-19 crisis, threat-aware employees were the first line of defense against cyber intrusions. Instruct your team to work under a zero-trust model at all times, especially while working from home.
Under this zero-trust model, trust is not freely given, but must be earned. You should question “who, what, where, why and how” for every attempt and point of contact, and you should keep verifying it relentlessly on every email.
Heightened awareness can be a powerful antidote. To protect from a social engineering attack, make sure your team takes these precautions:
Be skeptical of emails from unknown senders, or from familiar senders who do not usually communicate directly with you.
Don’t click on links or open attachments from suspicious senders.
Don’t forward suspicious emails to co-workers.
Examine the sender’s email address to ensure it’s from a real account. Hover over the link to expose the associated web addresses in the “to” and “from” fields; look for slight character changes that make email addresses appear visually accurate — a .com domain where it should be .gov, for example.
Note grammatical errors in the text of the email; they’re usually a sure sign of fraud.
Report suspicious emails to the IT or security department.
Install the corporate-approved anti-phishing filter on browsers and emails and keep them up to date.
Use the corporate-approved anti-virus software to scan attachments.
Never donate to charities via links included in an email. Instead, go directly to their website to donate.
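
The sender-address check from the list above can be automated. The following is an added example, not part of the original article: it flags a sender domain that differs from a trusted one only by its ending (.com where it should be .gov) or by a character or two. The trusted-domain list and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist (assumption): domains your organization really deals with.
TRUSTED_DOMAINS = {"cdc.gov", "examplehospital.org"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Return the lower-cased domain of a From: header value, or '' if none."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Classify a sender as trusted, lookalike (with reason), unknown or invalid."""
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Internationalized labels can hide visually identical characters.
    if not domain.isascii() or "xn--" in domain:
        return "lookalike: internationalized characters in domain"
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return f"lookalike: .{tld} where {good} uses .{good_tld}"
        if edit_distance(domain, good) <= 2:
            return f"lookalike: close to {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("CDC Alerts <alerts@cdc.gov>", "CDC Alerts <alerts@cdc.com>",
                   "Billing <billing@examp1ehospital.org>", "Pat <pat@example.net>"):
        print(f"{header:45} -> {classify_sender(header)}")
```

A "lookalike" result is a reason to report the message to IT or security, not proof of fraud; an "unknown" result only means the domain is not on the list.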
These incidents have diminished consumer confidence in healthcare
Healthcare breaches are costly. In the past, affected insurance companies have paid millions of dollars to the Office of Civil Rights after a series of cyber attacks exposed the electronic protected health information of over 79 million people. And they have not been the only healthcare-related entities to be affected – hospitals and physicians have felt the pain, too.
According to Becker’s Hospital Review, roughly 90% of hospitals in the U.S. reported a breach in the past two years, amounting to $6.2 billion in costs. Physicians and physician groups have also been affected. According to a recent survey released by Accenture and the American Medical Association, a staggering 83% of U.S. physicians have reported experiencing some form of a cybersecurity attack.
Financial loss due to government fines is not the only concern – loss of patient trust is equally, if not more, devastating. Patients who cannot trust their providers to keep their information protected will go elsewhere – a hard pill to swallow considering the time and effort it takes to attract and retain patients during this ongoing global crisis.
Another serious concern is cyber-extortion, in which unscrupulous hackers hold medical records hostage or threaten to alter or delete patient information unless the healthcare entity pays.
Data breaches take a significant financial, operational and reputational toll on healthcare entities and the patients they serve – the highest price of any industry. It is incumbent upon the healthcare industry to take steps to ensure that patients can remain confident in the security of their information.
Smrtdo, as a healthcare company, operates in accordance with all applicable privacy and data protection laws. Doing so is core to our philosophy as a medical billing company and our commitment to the rural communities we serve. We take the trust our partners put in us very seriously and handle their patients’ personal information with utmost care.