Analecta Cyber Company Blog: Strengthen Employee Training Programs

2016-10-07

Strengthen Employee Training Programs

Healthcare phishing attacks have increased exponentially in number, but there are several things an organization can do to improve its data security measures.

Undoubtedly, cyber criminals are targeting the healthcare industry. Just recently, we have heard reports of hospitals that fell victim to cyber-attacks, such as MedStar Health's Union Memorial Hospital in Baltimore, MD, Methodist Hospital in Henderson, KY, and the Hollywood Presbyterian Medical Center.

Recently, reports from the Verizon Data Breach Investigation observed a rise in attacks of about 16 percent overall this year. A study by the Brookings Center for Technology Innovation reveals a 3x increase in data breaches (23 percent) in healthcare over the last two years.

Additionally, research conducted by the Ponemon Institute and BrandProtect surveyed leading enterprises and security teams and found a pervasive and serious threat from phishing and mobile-based schemes.

Clearly, cyber criminals are improving how they conduct their schemes, but there are substantial steps that a healthcare CISO (Chief Information Security Officer) can take to protect the organization.

Look Out for Cyber Threats

Any CISO should get ahead by proactively searching for suspicious activity within the organization, stopping a threat before it wreaks havoc. In pursuit of their illegal activities, cyber criminals may impersonate hospital staff and executives through duplicate or dummy online profiles on Facebook, Twitter or LinkedIn. These profiles are used to build connections to real people in the organization, which in turn gives them unauthorized access to user groups.

By monitoring black market activity, you can learn that a data breach has already occurred when patient records are offered for sale.

Educate Staff Members

Cyber security officers should take the necessary steps to build cyber threat awareness and establish best practices for all employees, doctors and network members. A well-informed user is less likely to fall victim to a malicious email. Regularly send them reminders of the perils of spear phishing and of downloading unverified mobile apps. Conduct webinars, lunchtime sessions, and other educational programs that could improve their skills in identifying such threats.