A top priority of healthcare providers is to protect patient data. ePHI is required to be secure in order to maintain patient confidentiality and to ensure a breach does not occur. With the ever-changing threat landscape and sophisticated ransomware attacks, providers must work even harder to protect patient data. Here are the top five threats to healthcare providers that can put your practice at risk.
- Phishing and lack of security training. Phishing attacks are still the top way threat actors are able to access your data. If an employee clicks on a phishing link, they have just granted access to their credentials, data, and more. Periodic security training with your staff can help educate employees on what to look for in suspicious links. It is also a great opportunity to review your organization’s security policies and procedures. Training should be required for all staff and participation should be documented.
- Ransomware attacks. The recent Daixin Team attacks have specifically targeted healthcare providers. The attackers gain access through VPNs that are not patched for current vulnerabilities, phishing emails, and compromised credentials. Once they gain access, the threat actors are able to deploy ransomware, reset account passwords, and exfiltrate data from the network. Regularly patching your systems, along with using a vulnerability management solution, can minimize your risk for these types of attacks.
- Loss/theft of equipment. Accidents happen, we all know that. When it comes to equipment that houses or provides access to patient data, it’s critical that your staff does everything they can to ensure it is safe. Utilizing equipment locking mechanisms in your offices will make it more difficult for someone to walk away with any devices. It’s also critical to remind your staff to never leave any laptops or mobile devices connected to your network unattended, because of the risk of loss or theft. A lost or stolen device is not only costly to replace, but can also result in a breach of patient data depending on what is on the device.
- Insider, accidental, or intentional data loss. Whether a disgruntled employee has released information intentionally or someone accidentally shared patient data, data loss is a common problem among healthcare providers. Data loss can be prevented by utilizing a good backup. If your practice is hit with an attack, the quickest way to get back up and running is to pull from a recent backup. Your IT team should have a data retention policy in place to determine what data is to be backed up and how often. Your backups should be tested regularly to ensure you can restore them quickly if needed.
- Attacks against devices. Do you know what devices are connected to your network? If you don’t, you’re at risk for outside attacks. These attacks can come through Wi-Fi hacking and other malicious tactics. Implement network segmentation and firewalling to isolate private from public devices.
Did you notice that four of the five threats are risks associated with humans? Your users are your biggest threat. Periodic and proper training can educate your employees on how to protect patient data and stay secure. Contact us today for more information on our security awareness training for your team.