Presbyterian Healthcare Services is the latest victim of phishing attacks in the healthcare industry. In a phishing attack, hackers gain unauthorized access to an organization’s network by targeting employees’ email accounts. They pose as a trusted individual and send a malicious link, usually through email, that gives them access to the employees’ email accounts. They may send the link to several employees within an organization, or target one individual. Hackers then have access to any information held within the email account(s), including contacts and any email attachments. Healthcare cyber attacks are a growing concern, with 88% of data breaches in 2019 the result of hacking incidents.
Presbyterian Phishing Attack
In May, Presbyterian employees received deceptive emails that ultimately resulted in unauthorized access to their network. Protected health information (PHI) such as names, dates of birth, and Social Security numbers of 183,000 individuals may have been compromised. However, there is no evidence that hackers accessed billing information or electronic health records. Some of the affected individuals were Medicaid recipients, although it is unclear how many. The incident took approximately one month to detect.
Upon discovery, Presbyterian reported the incident to federal law enforcement as well as affected individuals. Affected individuals will receive free identity protection and credit monitoring. Presbyterian has since secured the breached email accounts and is implementing additional security measures, as well as employee training to recognize potential phishing incidents.
How to Prevent Healthcare Cyber Attacks by Increasing Cybersecurity
With an increase in healthcare cyber attacks, healthcare organizations must implement cybersecurity practices to safeguard the PHI they are working with.
The Department of Health and Human Services (HHS) recommends ten cybersecurity practices that any organization working with PHI should implement.
- Email protection systems
- Endpoint protection systems
- Access management
- Data protection and loss prevention
- Asset management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cybersecurity policies
Small and medium-sized businesses without dedicated IT staff may have a difficult time implementing adequate cybersecurity practices. To properly address and prevent healthcare cyber attacks, it may be valuable to seek the advice of an expert.
Do You Need Help Addressing Cybersecurity?
Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the Guard™, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.
To address HIPAA cybersecurity requirements, Compliancy Group works with IT and Managed Service Provider (MSP) security partners from across the country, who can be contracted to handle your HIPAA cybersecurity protection.