The OCR Cybersecurity Newsletter for March of 2022 discusses preventative steps covered entities and business associates can take to protect against some of the common cyberattacks driving these numbers. Here are some newsletter highlights.
OCR Cybersecurity Newsletter: Because It Still Works
As the newsletter notes, most cyberattacks can be substantially mitigated or prevented altogether if covered entities and business associates implement Security Rule requirements to address the most common cyberattacks.
OCR singles out three common cyberattacks that can be mitigated or prevented:
- Phishing
- Exploitation of known vulnerabilities
- Taking advantage of weak authentication protocols
Using any of these methods, an attacker can encrypt a provider’s or business associate’s PHI or ePHI. From there, the attacker can hold the information for ransom, dangle the threat of public release to blackmail someone, or use the information to commit identity theft. Attacks on PHI also can disrupt the provision of healthcare, as covered entities and businesses find their operations and resource flows slowed or stopped because of a cyberattack.
OCR Cybersecurity Newsletter: Phishing – Avoiding the Bottom Feeders
Phishing has been a favored cyberattacker tool since the early days of the Internet. The word “phishing” was created around 1996 by hackers who were stealing account and password information from Internet Service Provider (ISP) America Online users. While America Online, dial-up modems, and installation CDs have attained relic status, basic phishing techniques have remained the same. A cyberattacker sends an email to the intended victim; the message informs the victim that their email account has been compromised and that the user needs to respond immediately by clicking on a provided link. Clicking on the link sets the attack in motion.