In the latest HIMSS cybersecurity survey two-thirds of nearly 300 respondents said they’ve recently experienced a “significant security incident.”
Your hospital's risk management diligence has to continue regardless. Below is an example of how your security officer can educate and warn team members about recent e-mail phishing attempts.
Implement a Security Awareness and Training Program
The “Security Awareness and Training” HIPAA Standard (§ 164.308(a)(5)) requires Covered Entities to implement a security awareness and training program for all members of their workforce. That training must cover social engineering as one of the threats to Electronic Patient Health Information (EPHI), so we wanted to provide you with an example of how to inform your employees on this subject.
Don't Click That Link!
"The FBI has just released a bulletin notifying government agencies and other private sector (including healthcare) entities to be on the lookout for a significant increase in e-mail phishing scams in the near future. The FBI has observed malicious actors targeting US Government Agencies with spear-phishing messages, likely for the purpose of obtaining sensitive information, similar to the activities that resulted in the huge government agency breach back in June. For example, if you receive an e-mail that tells you to click here to get your free $500 gift certificate from Visa... DON'T DO IT! It was also reported that a healthcare facility in Pennsylvania had to report a breach after an employee sent 722 patient information records to an incorrect e-mail address. Due diligence in both what you're sending and what you're potentially opening is something everyone has to be constantly aware of."
If you don't have a security officer sending out this type of information, staying up to date on threats, ensuring policies are being followed, and so on, let us know if we can help fill that gap for you.