It’s just an
innocent, blue, highlighted, underlined sentence in an email asking you to click. What’s the harm
in just one little click? That little, half-second click is it all it takes…
healthcare organizations are predicted to be one of the top targets for cyber
security threats. Historically, healthcare has ranked in the top of the list,
but this year it has moved to the front of the line. Security breaches involving
more than 500 records have increased 300% in the last three years. The recent announcement from CMS at https://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/Downloads/Survey-and-Cert-Letter-17-17.pdf confirms just how serious everyone needs to
treat this issue.
moment you started reading this blog until now, hackers have already come up
with hundreds of new ways to attack your network and systems. New forms of
viruses, malware and ransomware have been designed to outsmart your cyber security
software and hardware. Legitimate web sites have been hit with hackers hiding
malicious software that is launched when you open an infected page.
access protected health information every day over your network through PC’s,
tablets, and mobile devices. You and your IT department are confident in the
security protection you have in place. You’re anti-virus/malware software is
updated every day, you have network intrusion detection, email scanning, and
advanced internet filtering and reporting tools that block malicious
does his or her usual routine for the beginning of a workday, which includes
checking work email. A mass email has been sent out to 500 employees from what
looks like a legitimate email address from someone within the organization. The
subject line has a message that looks important. At least 150 of your employees will open it,
according to statistics. Out of those who opened it, 18 will make that one
should you be worried? All of your security protection was put into place to
avoid any attacks. Unfortunately, your internet-filtering device fails to block
the threat because it does not automatically update the list of known malicious
web sites. Your intrusion detection
system has been logging a higher than normal amount of external attempts to
access the network. No one in your IT department has looked at the reports for
a few days. You do not have an intrusion
detection system that automatically notifies IT of potential attacks. Your anti-virus/malware software vendor does
not have a patch for the attack launched today. You do not have a centralized anti-
virus/malware management system that automatically tells you what devices are
All Because Of One Little Click
The hackers could have accessed a file or report that one employee saved in an
email, personal file, corporate shared file or laptop containing protected information. This is only the beginning.
theft victims will most likely find out months later when their credit card statement
has fraudulent charges or unexpected collection letters. Studies have shown it will cost them an
average of $13,500 and 200 hours to fully recover.
your organization? You will have to report the incident to the Department of
Health and Human Services and notify all individuals involved. You will be
required to send out a press release and post on our web site the details of
the incident if more than 500 records were breached. Millions of dollars and
valuable time will be spent to restore the records that have been stolen not to
mention the impact on your reputation.
procedures, training, and follow-up training are the steps you have taken
first. You continue to educate and train
new employees. What else can you
do? Train employees on what phishing
looks like: misspelled words in emails, sense of urgency, spoofing (slightly
altered email and web addresses), and some sort of call to action. Other
preventative measures like cutting off network access and system access to all
software for terminated employees, and having them return all company owned
devices before they leave. These devices need to be wiped clean of all files
and programs. If mobile phones are used, make sure you have a mobile device
management system in place that can encrypt text messages and control what apps
can be loaded. You also need to prevent
email from being stored on personal smartphones.
importantly, the more layers and more eyes you have on your network the better.
IT departments need to be at the front
of the battle line, ensuring the security layers are sufficient. Cyber Security
tools require constant attention and oversight every day. Backup and recovery systems need to be
implemented and tested on a regular schedule. If a data breach happens, you need
to have the option to shut down the first point of threat. If you have the necessary back-up systems in
place, you will need to restore all previous data before the threat occurred.
eyes the better. Your network should be constantly monitored for any
penetrating threats. These threats can occur up to 500 times per second, a
statistic you do not want to take a chance on. If internal resources are not
available and reliable, outsourcing your IT, Cyber Monitoring, and annual Risk
Assessments may be your best solution.
all you can to safeguard your organization for 2017.
Remember, that one
little click is all it takes http://www.preludeservices.com
Stufft is president/CEO
of Prelude Services. He may be reached at email@example.com.