Thursday, 08 June 2017 12:23

Help Stop Hackers from Robbing Healthcare

Written by

By now, you know that international ransomware attackers have hit health systems in the United States. While it’s up to the techs within your organization to apply security measures, it’s everyone’s job to thwart thieves by recognizing and avoiding their traps - often hidden in seemingly harmless emails.

Keep in mind that hackers are smart, and it’s their business to fool even the most conscientious employees in close proximity to patient information. That’s why it’s important to know the warning signs of ransomware.

Let’s start with some basics pertaining to email:

  • Beware of any kind of attachments or links within emails that are unknown to you or unsolicited. Malicious links in emails can link you directly to a malicious website the attacker uses to infect a data system. Opening an attachment can have the same effect.
  • Know that attackers may impersonate someone you know. Be extremely cautious of emails you are not expecting or that seem a little off. When in doubt, go to your supervisor or a tech before doing anything.
  • Make it a practice NOT to click on links and attachments you are not expecting.
  • If you get an automated message to update your computer’s antivirus software, click to update it. While the IT people should make sure this is done automatically, that doesn’t always happen in reality.

Of course the goal is to avoid the schemes of hackers, who typically “kidnap” information with the promise of releasing it back to its rightful owner in exchange for money. A joint study conducted by several security firms estimates that creators of one form of ransomware -- called CryptoWall 3.0 - have extracted more than $325 million from victims since January 2015.

In the event you fall victim to a ransomware scheme, you should know the tell-tale signs of being hacked so that you can seek help right away. One common scenario is that you click on a link or open an attachment and immediately realize it is suspicious. Get help, even if you’re not 100 percent sure it’s a problem.

Other indicators of a ransomware include:

  • Unusual activity on your computer for no apparent reason, due to the ransomware searching for, encrypting and removing data files, or, An inability to access certain files as the ransomware encrypts, deletes and renames and/or re-locates data.
  • Recently, attackers have been scanning the Internet for devices equipped with remote access to patient information portals. Once connected, they can try to guess passwords, or look for backdoors to gain entry. Once they’re in, they can operate just like they are logged onto your system from a monitor and keyboard.

So...

If you do not need remote access to a database containing patient information, disable the service on your computer. If you do need remote access, use it only as necessary. And make sure your password is next to impossible to figure out. By now you may wonder what the odds are that you may encounter a ransomware threat. Well, a recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016. That’s a 300% increase over the 1,000 daily ransomware attacks reported in 2015!

That is why everyone needs to have an eagle eye out for the crooks.

Here are just a few other things to keep in mind:

  • Never allow a third-party to have remote access to your computer if the caller’s authenticity cannot be verified directly through your organization or a verified Business Associate.
  • Do not trust unsolicited phone calls, and don’t give out information.
  • Do not download or purchase any unknown software or online services.
  • Follow safe practices when browsing the web - and don’t click on ads from unknown sources.
  • If you see any unauthorized people accessing patient information (including fellow employees), report the activity to your supervisor or a compliance manager.

Simple safety practices on the part of all can thwart thieves so the can’t do their dirty work. That’s the goal -- and it takes a community of dedicated workers to achieve it.

Note: Information included in this post has been compiled from email alerts distributed by the U.S. Office for Civil Rights (OCR) from May 12 through May 16, in response to interational threats impacting healthcare. Reference material includes: February 2, 2016, and March 30, 2016 cyber awareness updates, and a February 2017 newsletter, all from OCR, and a Ransomware Fact Sheet from the U. S. Department of Health and Human Services.

About the author: Diane Evans is Publisher of MyHIPAA Guide, a news and information service that gives organizations a clear and human-centered process for HIPAA compliance. Diane travels around Ohio and beyond, speaking on HIPAA-related topics and leading workshops in an interactive curriculum developed by the MyHIPAA Guide team. You may reach Diane at This email address is being protected from spambots. You need JavaScript enabled to view it..

Read 451 times Last modified on Thursday, 08 June 2017 12:36

15 comments

  • Comment Link pandora charms Thursday, 03 May 2018 13:19 posted by pandora charms

    Thank you so much for giving everyone remarkably breathtaking possiblity to read critical reviews from this web site. It's usually so useful and as well , full of amusement for me and my office acquaintances to visit your site on the least thrice in 7 days to learn the fresh items you will have. And definitely, I'm also actually motivated concerning the stunning solutions you give. Certain 1 areas in this article are unequivocally the finest we have had.

  • Comment Link chrome hearts online Wednesday, 02 May 2018 12:35 posted by chrome hearts online

    A lot of thanks for all your hard work on this blog. Kim really likes managing research and it's really easy to understand why. A lot of people know all about the powerful method you make efficient secrets on the web blog and therefore invigorate response from other people about this idea and our princess is understanding a great deal. Take advantage of the rest of the new year. You are always carrying out a good job.

  • Comment Link nike free run Monday, 30 April 2018 07:01 posted by nike free run

    I needed to create you this very little observation so as to give thanks again on your great opinions you've discussed above. It is so surprisingly generous of you to allow unhampered all a few individuals could have made available for an electronic book to get some bucks on their own, mostly considering that you could possibly have done it in the event you considered necessary. Those strategies in addition served to provide a great way to realize that some people have the same desire like my very own to find out a great deal more when it comes to this matter. I know there are numerous more fun sessions in the future for individuals who look into your site.

  • Comment Link burberry Sunday, 29 April 2018 12:49 posted by burberry

    Thank you so much for giving everyone a very brilliant opportunity to read critical reviews from this web site. It is usually very pleasurable and as well , full of a great time for me and my office acquaintances to visit your blog no less than 3 times per week to learn the latest secrets you have got. Not to mention, I'm also actually fascinated for the awesome ideas served by you. Some 4 areas in this post are ultimately the most efficient we have ever had.

  • Comment Link michael kors outlet online Saturday, 28 April 2018 13:57 posted by michael kors outlet online

    Needed to compose you one very small note so as to give thanks once again for these striking opinions you've shared on this site. It's pretty open-handed with people like you giving without restraint all that a lot of folks could possibly have supplied as an ebook to make some cash on their own, primarily considering that you might have tried it if you wanted. Those good ideas likewise served to be a fantastic way to be sure that the rest have the identical eagerness similar to my very own to realize a good deal more regarding this condition. I'm sure there are some more fun periods in the future for individuals who scan your website.

  • Comment Link Nice Kicks X Adidas NMD PK Runner Saturday, 28 April 2018 11:50 posted by Nice Kicks X Adidas NMD PK Runner

    My spouse and i felt so excited Jordan managed to finish off his web research through your ideas he obtained when using the blog. It is now and again perplexing to simply continually be offering helpful hints which often some other people could have been trying to sell. We really already know we've got the blog owner to give thanks to for that. The main explanations you made, the easy website navigation, the relationships you can give support to instill - it's got all impressive, and it's aiding our son and our family understand this situation is amusing, which is certainly really serious. Thank you for everything!

  • Comment Link vibram five fingers Friday, 27 April 2018 17:46 posted by vibram five fingers

    I am glad for writing to let you understand what a terrific encounter my cousin's princess encountered viewing the blog. She discovered too many pieces, with the inclusion of what it is like to possess an ideal teaching style to have a number of people effortlessly learn specified extremely tough issues. You undoubtedly exceeded readers' desires. Many thanks for rendering such powerful, trusted, edifying and as well as unique tips about your topic to Ethel.

  • Comment Link gucci belt Thursday, 26 April 2018 22:27 posted by gucci belt

    I happen to be writing to let you know what a magnificent experience our girl enjoyed visiting your site. She came to find many things, including what it's like to have an ideal giving nature to have men and women effortlessly completely grasp chosen extremely tough subject areas. You really surpassed visitors' expected results. I appreciate you for offering such invaluable, safe, educational and as well as cool thoughts on this topic to Emily.

  • Comment Link Michael Kors Logo Signature Large Pink Wallets Thursday, 26 April 2018 15:53 posted by Michael Kors Logo Signature Large Pink Wallets

    I am writing to let you be aware of what a notable encounter my friend's girl obtained browsing your webblog. She learned several issues, which included how it is like to have a marvelous teaching style to have many people effortlessly know precisely several tricky subject matter. You truly surpassed our expectations. I appreciate you for giving such warm and friendly, trustworthy, informative not to mention cool thoughts on this topic to Lizeth.

  • Comment Link adidas yeezy boost Thursday, 26 April 2018 06:34 posted by adidas yeezy boost

    I'm also writing to let you be aware of of the remarkable experience my cousin's child encountered reading your web page. She even learned numerous details, which included how it is like to have a marvelous coaching nature to get other folks really easily know just exactly various problematic subject matter. You truly did more than readers' desires. Thank you for offering the informative, healthy, explanatory and in addition unique tips on your topic to Julie.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

10 Step HIPAA Plan

  • Step 1: Confirm you are a covered entity +

    What's Inside:
    Lists of who is generally covered and who is not, plus contact for inquiries.
  • Step 2: Provide leadership +

    What's Inside:
    • 7-page HIPAA basics
    • 62-page guide to security and privacy of ePHI
    • Compliance Charter Template
  • Step 3: Document processes, findings, and actions +

    What's Inside:
    Templates for Security Policies and Procedures
  • Step 4: Conduct a security risk analysis +

    What's Inside:
    INTRODUCTORY:
    • Guides
    • Short videos
    • Interactive quizzes on risk assessment and contingency preparation
    • 10 common myths

    ADVANCED:
    Interactive tutorial – 156 questions with fill-able PDFs for Windows or iPad. All material from federal sources.
  • Step 5: Develop an action plan +

    What's Inside:
    INTRODUCTORY:
    • 11-page overview on ePHI for small practices
    • 4-page Q&A addresses email with patients
    • Checklists

    ADVANCED:
    Toolkit on 45 implementation specifications
  • Step 6: Manage and mitigate risks +

    What's Inside:
    • Overview of expectations
    • Annual Work Plan Template
  • Step 7: Prevent breaches +

    What's Inside:
    • Form for reporting brief notification
    • Links to details on the notification process and what constitutes a breach.
    • Suite of Training Materials
  • Step 8: Communicate with patients +

    What's Inside:
    FOR ALL:
    Privacy notice templates to help achieve meaningful consent, in English & Spanish.

    INTRODUCTORY:
    Professionals' guide covering 2013 updates on communications.

    ADVANCED:
    Electronic toolkit with patient education and meaningful consent sample materials.
  • Step 9: Update or execute Business Associate Agreements (BAAs) +

    What's Inside:
    • Sample Business Associate Agreement (BAA) provisions
    • Suite of BA Management Tools
  • Step 10: Attest to Compliance with Security Objectives +

    What's Inside:
    INTRODUCTORY:
    • Tip sheets
    • Short videos
    • Overviews

    ADVANCED:
    • 94-page guide on the EHR incentive program
    • Beginners' toolkit on reporting to the government

    All from federal sources.
  • 1

Login

Member Access