Thursday, August 6, 2020

Lessons Learned From 3 Massive Hospital Cybersecurity Disasters

If there's one thing hospitals don't want to happen today, when risks are everywhere, it's having confidential patient health information fall prey to hackers. That's why your health facility has to do everything it can to prevent cybersecurity problems.
Hospitals have recently faced various cybersecurity threats. The question now is: how can your facility fight back? Is there anything you can do to reduce your risks? Listed below are three cases the industry has faced recently and the lessons they have to offer.



Older Systems

There are a few hospitals that are still using older operating systems on their computers. They have to keep these devices off their networks so they can’t connect to the internet.
Beth Israel Deaconess in Boston did this with one piece of its equipment. However, the health facility encountered some problems when the computer required a firmware update. The technician hired to fix it inadvertently connected the computer to the internet in order to download the update.
It didn't take long before various malicious programs were downloaded and the computer became unusable. Cybercriminals used these programs to get access to the information stored on the machine: a computer located in China gained access to 2,000 patient X-rays, which were sold on the black market.
So, the lesson here is to make perfectly sure that all of the computers in your facility are running supported, recent versions of their operating systems and have all the programs required to protect them against spam programs and malware.

Fake Website

In most cases, hackers trick staff so they can obtain access to confidential data. One scheme that caused a lot of problems for Massachusetts General had to do with bonuses for doctors. The scammers made a fake version of the hospital's actual payroll portal, and it looked like the real one. The only notable difference was a few different letters in the web address.
Doctors got an email asking them to log into the payroll portal in order to authorize a potential bonus payment. As expected, many doctors agreed. They logged in using their credentials, thinking that they would get the promised cash. However, hackers managed to get the doctors' confidential information instead. They used it to log into the hospital's legitimate payroll portal and rerouted the direct deposits for the doctors' paychecks to different accounts. Then they purchased Amazon gift cards using the money.
Although this scheme targeted the providers' bank accounts, a savvy hacker may try similar tricks to get user names and passwords for electronic health records systems.
The lesson here is to always remind your staff to double-check websites to make sure that they are authentic. You should also add another layer of protection, like a security question, before the provider can log into the payroll system, especially when they try to access these systems from outside the facility.
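Staff reminders can be backed by an automated check on the links in incoming mail. The sketch below is an added example, not part of the original post: it flags any link whose hostname is within a few letters of the real payroll portal without matching it exactly. The portal hostname, the distance threshold and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the real portal hostname (constructed placeholder, not from the article).
LEGITIMATE_HOSTS = {"payroll.examplehospital.org"}
MAX_DISTANCE = 3  # "a few different letters"; tune to your own hostnames
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """Return 'legitimate', 'lookalike' or 'unrelated' for one hostname."""
    host = host.lower().rstrip(".")
    if host in LEGITIMATE_HOSTS:
        return "legitimate"
    if any(edit_distance(host, good) <= MAX_DISTANCE for good in LEGITIMATE_HOSTS):
        return "lookalike"
    return "unrelated"


def lookalike_links(message_text):
    """List (url, host) pairs in a message whose host imitates a known portal."""
    hits = []
    for url in URL_RE.findall(message_text):
        host = urlsplit(url).hostname or ""
        if classify_host(host) == "lookalike":
            hits.append((url, host))
    return hits


# Constructed sample message for illustration only.
SAMPLE_EMAIL = """\
Authorize your bonus payment: https://payroll.examplehospita1.org/login
Benefits questions: https://payroll.examplehospital.org/help
Newsletter: https://www.example.com/news
"""

if __name__ == "__main__":
    print(lookalike_links(SAMPLE_EMAIL))
```

Edit distance catches swapped or substituted letters in the hostname; a fake portal hosted on an entirely different domain needs an allowlist check instead.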

Malware on Mobile Devices

Cybercriminals do not just target computer systems; they also install malware on mobile devices, hoping to steal the information needed to access confidential accounts.
A nurse, who was on break, downloaded the Angry Birds game on her mobile phone. But she used a Bulgarian site instead of getting the app from a reputable site like Amazon or Google. As a result, her phone got infected with malicious software.
Later she used her mobile phone to check her work email. The software saved her information and sent it to email spammers. They used her compromised account to send spam messages.
No PHI was taken, but if she had happened to discuss patients in the work emails she sent to her colleagues, the hospital she was working for would have faced a huge scandal.
The lesson learned here is to always remind your staff to remain cautious whenever they use their personal devices to access their work email or other hospital network systems. Always remind them to avoid downloading any program that comes from a suspicious website, because it may contain hidden malicious software that may infect the hospital network and compromise the safety of PHI.

Call SpartanTec, Inc. and let our team of IT professionals help protect your network against online threats like phishing, malware, spam, and more.


SpartanTec, Inc.
Florence, SC 29501
843-396-8762
http://manageditservicesflorence.com
