Medical information is the number one prime target when it comes to cybersecurity hacks, FBI Computer Scientist Thomas Ervin at Practice Management Institute’s National Conference for Medical Office Professionals in December. A single click on a phishing email can turn a machine into a “slave,” as termed in the cybersecurity industry. Phishing email incidents are not new and have increased more than 200 percent. It has become so prevalent that the U.S. Department of Homeland Security Cybersecurity Division has set up a website to report phishing emails. Ervin, FBI Special Agent Raymond Martinez, and Cybersecurity Expert Richard Avery delivered an eye-opening demonstration to show how easy it can be for your personal and work data to be compromised by a hacker. Cybercriminals target all types of organizations and these experts warned that healthcare entities need to be especially vigilant.
“Healthcare data and PHI are incredibly valuable on the black market which makes healthcare an extremely target-rich environment,” said Richard Avery, President of Titanium Computing. As an example, uninsured individuals can purchase insurance cards and fake identification on the black market, present them at a doctor’s office or hospital for treatment, and then disappear before the claim gets returned as fraudulent. As many as 30 percent of phishing emails bypass default security measures. Scary statistics for individuals and businesses.
Security Protocols Don't Always Work
Most medical practices are running very lean when it comes from spending money on their compliance programs and security, according to PMI Instructor/Consultant Linda D’Spain. “A lot of times they think they’re secure, but as we found out in the FBI demonstration, they are not.”
Avery said 51 percent of phishing attacks were linked to malware. Even big companies with cybersecurity teams in place like Google and Facebook ($100 million breach), along with banks and multi-million businesses around the world get hacked. The FBI predicts that $20 billion in losses in 2020 due to cyberattacks. Avery gave an example of 23 county municipalities in Texas were attacked in 2019.
“These were county government websites. They thought they were safe because their Internet Service Providers (ISP) handled their security.” said Avery. “About half had proper firewalls, security, and gap analysis in place to fulfill HIPAA security requirements. But hackers moved so quickly that as soon as the firewalls were in place, the hackers knew how to breach them.”
What Are the Tell-tale Signs of a Cyberattack?
How do you know if your system has been compromised? It’s complicated, said Avery. Hackers operate under the radar, but one possible indicator is if your computer performance is affected. It may be acting slower than normal which might indicate that a hacker is copying files from your drive to offshore servers in the background.
It may be malware, deployed from a link clicked from an email that contains a virus that worms its way into system to destroy files. Another more obvious way to know is that you get a message from the hacker.
“A ransomware attack is when a hacker sends an email with some type of attachment. It looks like an important email from someone you know, possibly in your office or organization. But when you click the link, you might see a window popup that says your system is under ransom and in order to get back your file you’re going to have to pay an amount of money to get it back.”
Tips to Keep Your Office Safe
So, what can you do to be more vigilant? Experts recommend that you stay on top of software and antivirus protection updates.
“Antivirus needs to be updated consistently so that it can have an impact on what you’re doing,” Avery said. “When those viruses get detected, they’re updated, scanned, then disseminated when your antivirus is updated.”
Other threats such as compromised passwords can wreak havoc on your valuable digital data. Using old versions of web browsers makes it easy for hackers to grab saved login information.
Learn more about phishing threats Friday, January 31. Richard Avery and PMI President/CEO David T. Womack will talk about Spear Phishing Threats in a Medical Office. They’ll present examples and answer your questions live. Registration is free and limited spots are available.