The Federal Bureau of Investigation has urged caution following reports of an increase in CEO fraud email scams. CEO fraud occurs when a hacker fakes a message from the CEO of a company and attempts to persuade an employee to transfer funds to an unnamed beneficiary or to provide private information about the company's employees.
Data security in the healthcare industry is crucial for patient health and safety. By using camouflaged old malware, cyber attackers have been able to penetrate existing data systems. Giving old malware a new identity renders these viruses unidentifiable by the antivirus systems used in the healthcare industry.
With higher education becoming increasingly available, data breaches are on the rise as well. Colleges are responsible for compliance with security regulations, such as FERPA (Family Educational Rights and Privacy Act), as well as attempting to monitor the use of personal devices, which have become a crucial component of classrooms and campus life. Hackers are targeting educational institutions more than ever, so effective data security is critical.
On February 5, 2016, the use of ransomware on Los Angeles' Hollywood Presbyterian Medical Center caused a shutdown of its systems and served as a reminder of the increasingly pressing issue of cyber extortion. The hospital released a statement offering reassurance that neither patient care nor employee or patient information was compromised during the attack. The statement also clarified that initial reports that the hospital paid $3.4 million to the hackers were mistaken, but the hackers walked away with just short of $18K, as paying was deemed the "quickest and most efficient way" to obtain the decryption key so the hospital could regain access to its systems. The issue with this statement is that paying the ransom does not guarantee the return of data. In fact, most IT and security resources agree that paying is confirmation to cyber attackers that they should return in the future.
Despite the advanced technology and insight into data breaches, many companies still find themselves victims of silent attacks conducted by hacking professionals. While there are few ways to prevent these attacks, there are multiple precautions you can take to protect your company and your customers.
Data breaches can occur when malware is downloaded onto a device. Malware consists of different viruses and software that collect private information without the target ever knowing. Most commonly, data breaches are performed using phishing, which occurs when one is sent emails or texts containing links to malware. They are cleverly disguised as normal emails that do not always look suspicious to the unsuspecting eye, or even appear "friendly," which is why many people fall victim.
Can you imagine a world where hacking was no longer a threat and security was stronger than ever? This is potentially the future of technology if time and money are invested in a new generation of so-called "white hat" hackers.
In a recent article on Medical Economics' website, Giva proposes a 5-to-1 ratio of software developers to ethical hackers. The article calls for hefty fees to be paid to registered ethical hackers for finding weaknesses or gaps in a company's system. The good money to be made on this path would persuade those with hacking skills to use them to improve technology instead of attacking it. A better future starts with the decision to work for it, and the development of an ethical hacking field is a crucial first step towards a brighter one.
Do you feel uneasy writing out all of your personal information in a hospital waiting room? You are not alone and your worry is not without reason. Data breaches are becoming more and more frequent, and identity theft has become a sustainable business that will not be eradicated at any time in the near future.
In Giva's recent article, "Healthcare Data Breaches on the Rise: Implications and Solutions," published by Becker's Health IT & CIO Review, a new solution is proposed that renders the data "valueless" to hackers. The article explains a new system that, once implemented fully, would provide aliases for each patient so that hospitals and healthcare workers can focus on their already-challenging jobs instead of worrying about also protecting vast amounts of Protected Health Information (PHI).
In June 2016, a Canadian university found itself the victim of a ransomware attack. The malware encrypted all of the school's files as well as its email system, affecting professors, students, and administration. As a result of the widespread and urgent need to access the school's files and email system, the university paid the bitcoin ransom of $20,000 in exchange for the decryption keys in order to regain access.
The U.S. Health and Human Services (HHS) Office for Civil Rights (OCR) first began conducting HIPAA audits in 2014 and is continuing with phase two this year. The purpose of these audits is to ensure the protection of each individual's personal information. The second phase examines decryption and encryption, facility access controls, and additional high-risk areas that have yet to be specified. If your company is being audited, it will receive an audit notification letter from the OCR and should plan for an estimated 30- to 90-day procedure.
With this knowledge, your company can begin to prepare for the assessments to make certain that you are ready.