Why You Need to Understand Cyber Security


Cyber Attacks on the Rise

The global cost of cyber attacks is enormous and is expected to grow 15 percent annually for the foreseeable future. Per the Office of Civil Rights (OCR), Department of Health and Human Services (DHHS), for the period January 25th, 2021, through January 25th, 2023, there were 876 open investigations with over 76 million individuals affected.[1]

Common Healthcare Cyber Attacks

The most common cyber attack in healthcare is ransomware, a form of malware designed to encrypt files on a device. This encryption renders both the files and the systems that rely on them unusable until the target pays the attacker a ransom to regain access. According to CrowdStrike’s 2022 Global Threat Report, there has been an 82 percent increase in ransomware-related data leaks.[2]

What are Threat Actors?

It is important to remember that behind every attack is a cybercriminal, also known as a threat actor or malicious actor. These are persons or organizations that cause intentional harm and are indiscriminate in choosing their targets. Their focus is exploiting vulnerabilities, and “mass scammers and automated hackers attack as many systems as possible and spread between networks like an infection.” [3]

The most common motivation is financial gain and the most common vulnerability is people, as humans are often the weakest link within an organization. The consequences of a cyber attack are enormous and include financial losses, harm to one’s reputation, civil suits, loss of business, criminal charges, and patient harm.  The average cost of a data breach in the United States is $3.8 million and the data shows that after a successful breach, public companies lose an average of eight percent of their stock. 

Preventive Measures

Unfortunately, threat actors evolve quickly, and while a company’s security software may be current, new methods of attack are created daily. That said, a number of preventive measures can be taken, including the following:

  • Loading “agents” on all servers and desktops to prevent and report infections. Common ones are Cylance AV, Cylance Optics, Cylance Huntress, and InfoCyte.
  • Loading “canary files” on network “nodes” to alert and isolate future infections. Canary files are triggers: alarms are activated when a virus interferes with them.
  • Contracting with a third-party security firm to monitor your entire system using Security Information and Event Management (SIEM) software. SIEM software gives security professionals insight into and a track record of the activities within their IT environment.
  • Establishing a “DMZ” zone, which is a security perimeter that monitors and validates all traffic that is trying to transit between networks.
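
The canary-file idea from the list above, as an added example (not code from any of the products named): decoy files are planted, their SHA-256 hashes are recorded as a baseline, and any canary that later changes or disappears raises an alert. The file names and the hash-comparison approach are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file's full contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_canaries(directory, names):
    """Create decoy files and return a baseline {path: sha256}."""
    baseline = {}
    for name in names:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            # Unique content that no legitimate user or process should ever edit.
            fh.write(b"CANARY " + os.urandom(64))
        baseline[path] = sha256_of(path)
    return baseline


def check_canaries(baseline):
    """Return {path: 'missing' | 'modified'} for canaries that differ from the baseline."""
    alerts = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts[path] = "missing"    # deleted, or renamed with a new extension
        elif sha256_of(path) != digest:
            alerts[path] = "modified"   # overwritten or encrypted in place
    return alerts


def demo():
    """Simulate tampering in a temp directory; return the sorted alert statuses."""
    with tempfile.TemporaryDirectory() as d:
        # Hypothetical decoy names, constructed for this example.
        names = ["0_budget.xlsx", "patients_backup.docx", "zz_notes.txt"]
        baseline = plant_canaries(d, names)
        assert check_canaries(baseline) == {}       # untouched canaries stay quiet
        paths = sorted(baseline)
        with open(paths[0], "wb") as fh:            # constructed tampering: overwrite
            fh.write(os.urandom(128))
        os.rename(paths[1], paths[1] + ".locked")   # constructed tampering: rename
        return sorted(check_canaries(baseline).values())
```

In practice the baseline would be stored off the monitored host and alerts forwarded to the SIEM rather than returned to the caller.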

Humans are the Weakest Link

While these measures are all important and valuable, as noted above, humans are the weakest link.  And emails are the easiest way for a threat actor to gain access to a system.  Anyone can open an email account on Gmail or Yahoo or Microsoft and put any name as the owner.

Busy employees may not pay close attention if an email appears to be from someone known to them.  It is thus important to review every email in its entirety and check for the following:

  • If an email states it is from, for example, Microsoft, does the domain name match?
  • Are there misspellings, grammatical errors, and abnormal spacings that could be indicative of a phishing email? Phishing is a cybercrime in which targets are contacted via email, telephone, or text.
  • If there are hyperlinks in the email, is the URL consistent with the sender? A foreign name or location in the URL could be an indication the email is not legitimate and should be deleted immediately.
  • Does the email create a sense of urgency, for example by demanding that an action be taken immediately in order to prevent harm?
  • Use common sense – if an email does not look right, it probably is not.
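
Three of the checks above (sender domain versus claimed brand, link host versus sender, urgency wording) can be automated as a first-pass filter. The following is an added example, not part of the original article; the sample message, the brand-to-domain table and the urgency word list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all names and domains are made up.
SAMPLE = """\
From: "Microsoft Support" <security@micros0ft-help.example>
To: user@clinic.example
Subject: Urgent: account suspended

Your mailbox will be closed within 24 hours. Act immediately:
http://login.verify-account.example/reset
"""

# Assumption: brand name -> domains the organization accepts for that brand.
KNOWN_BRANDS = {"microsoft": {"microsoft.com"}}
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def domain_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_email(raw):
    """Return a list of findings for the checklist items above."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    # Check 1: display name claims a brand the sending domain does not belong to.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and not domain_matches(sender_domain, domains):
            findings.append(f"display name claims {brand}, sent from {sender_domain}")
    # Single-part plain-text bodies only; multipart messages are skipped here.
    body = "" if msg.is_multipart() else msg.get_payload()
    # Check 2: links whose host is neither the sender's domain nor a subdomain of it.
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if not domain_matches(host, {sender_domain}):
            findings.append(f"link host {host} differs from sender {sender_domain}")
    # Check 3: urgency wording in the subject or body.
    if URGENCY.search(f"{msg.get('Subject', '')}\n{body}"):
        findings.append("urgency wording")
    return findings
```

Findings are prompts for a closer look rather than verdicts, since legitimate mail can also link to third-party domains or use urgent wording.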

Example of a Phishing Email

The following is an excellent example of a phishing email which illustrates all of the points noted above:

[Image: phishing email example]

Several quick ways to get in trouble are to:

  • Open emails based on the subject or sender alone.
  • Reply to, open attachments from, or click on URLs from unknown or untrusted sources.
  • Send personal information such as passwords, credit card numbers, social security numbers, and account numbers via email.

Healthcare Remains a Target for Cyber Threats

Healthcare is likely to remain a target for cyber criminals because it is an industry that is rich with private information that is easy to sell.  Providers are heavily targeted, and ransomware is a major threat with email as a common threat vector. 

Remember, humans are the weakest link; however, security awareness training and education and comprehensive security policies can help mitigate common vulnerabilities.  Conducting risk assessments and teaching end users how to identify and respond to potential security risks go a long way towards protecting organizations from potentially catastrophic events.   

Stay alert, check and double-check every email, and trust “gut” feelings!


Barbara Rubel

MBA, FRBMA

Senior Vice President, Marketing & Client Services

Barbara has been a leader with MSN Client Services since 1998. Her extensive background in strategic planning, market research, healthcare marketing and managed care negotiations provides a wealth of information to support MSN Clients.

Barbara has also been highly involved in industry organizations, serving as President of the Radiology Business Management Association (RBMA), the Georgia RBMA, and the Florida RBMA. In addition, she chaired the influential RBMA Federal Affairs Committee and the RBMA Technology Task force and was a member of the RBMA Data Committee. Her work on behalf of radiology has earned her the RBMA Special Recognition Award (2010), the RBMA Global Achievement Award (2013), and she is a Fellow of the RBMA.


David Miller

Chief Administrative Officer, Technology Partners, LLC

Immediately prior to joining the ImagineTeam, David retired from the FBI after a 21-year career as a Special Agent, where he demonstrated success conducting national security investigations and intelligence operations; developing, reengineering, and leading information sharing initiatives; overseeing task force and fusion center operations; managing and growing public-private partnerships; and building collaborative, mutually-beneficial relationships.
