We wanted to take a minute to share an important reminder regarding the attack healthcare organizations have been under in recent months. We received the below email from CIGNA today alerting providers about the recent spike in ransomware activity. This shouldn’t come as a surprise as the hacking of data has been everywhere on the news recently. Unfortunately, it could easily be overlooked or disregarded because of how focused we are on Covid-19.
As a company, we have utilized 2-factor authentication for all critical services as one way to safeguard user security. Unfortunately, that alone is not enough as emails are constantly being spoofed in order to gain access to information. If a hacker gains access to your patients email and learns that they have an upcoming appointment at your office, think of how easy it would be for them to send your staff an email with their “medical records” attached as a zip file. Zip files are one of the most common ways hackers gain access to personal information as the zip files are actually executable programs designed to infiltrate the host’s system. Most email services have advanced security filters in place to catch these but it’s vital that you educate your staff at the potential risk of opening attachments from unknown contacts(and even known contacts if their email has been compromised). As a rule, you should never open an attachment that you are not expecting to receive and be sure to check the file type before opening. We do not send zipped files via email and recommend that you adopt the same for your office. Instead of emailing large files, our team can upload and share which requires the receiver to log-in to their secure portal. This something simple you can implement to better secure your system.
In addition to email security, I don’t want to overlook the fact that websites are being hacked at an alarming rate within the medical community. We repel as many as 1000 hacking attempts each day for the websites that we build and manage. Make sure your website has proper backup procedures in place and that every user/editor of your site employs 2-factor authentication when accessing your website. In addition to user authentication measures, be sure your site has a firewall and automated malware scanner installed that protects AND monitors your website’s integrity. Hacking efforts evolve and your site’s protection needs to evolve with it.