How Can Healthcare Organizations Prevent Phishing Attacks?


Phishing sites have become a major issue, especially since the number of these sites is growing rapidly. Webroot reported in December 2016 that there are more than 13,000 new phishing sites created every day, nearly 390,000 each each month. By the third quarter of 2017, the number of phishing sites grew by more than 46,000 per day, roughly 1,385,000 per month.

On average a phishing site can be up and running anywhere from 4-6 hours before it is blacklisted. To fight this, companies need to create a better way to detect phishing sites. Although 4-6 hours is a short time, these sites can capture thousands of credentials before being shutdown. Not only do these sites show a high success rate, they also contain SSL Certificates; this "ensures" the end user that the site is safe.

Phishing sites do user their own domains, however DUO showed that many legitimate sites are being compromised and phishing kits are being loaded onto them. The study identified more than 3,200 unique fishing kits spread across 66,000 URLs. These phishing kits are being traded on underground marketplaces and sold to accomplished phishers and wannabe cybercriminals. 16% of those URLs were on HTTPS websites.

We cant prevent phishing sites 100%, but the exposure could be reduced. HIPAA has enforced phishing defenses in the healthcare industry, noncompliance will result in large financial penalties. Defenses include combination of technological solutions to prevent delivery of these phishing emails and to block access to these sites. 

OCR stated in their July Cybersecurity newsletter, HIPAA (45 C.F.R. § 164.308(a)(5)(i)) requires organizations to provide regular security awareness training to employees to help prevent phishing attacks. OCR explained that “An organization’s training program should be an ongoing, evolving process and flexible enough to educate workforce members on new cyber security threats and how to respond to them.”

Healthcare organizations should follow best practices such as signing up for threat Intel services which provide alerts about industry-specific attacks. 









https://www.hipaajournal.com/healthcare-prevent-phishing-attacks/

Comments

Post a Comment

Popular posts from this blog

Final Blog--Canada vs. USA: Healthcare System

In this project, my initial goal was to compare and contrast the differences of the health system between the United States and Canada. When it comes to the different health systems, a different system in a different country always seems better to many people. Many Canadians in politics believe that a free market is better, however in America we believe the single payer is the solution. The reason for the single payer system is due to the advocates in politics. One statement that was made before the healthcare bill was:  "Canada's health care system is the subject of much political controversy and debate in the country. Some question the efficiency of the current system to deliver treatments in a timely fashion, and advocate adopting a private system similar to the United States. Conversely, there are worries that privatization would lead to inequalities in the health system with only the wealthy being able to afford certain treatments" Prior to research, I thought
Read more

Tips for Reducing Mobile Device Security Risks

Security has always been an issue. Recently personal health records have become a target to hackers. HIPAA compliance is now enforcing to limit these hacks which are mainly targeted through mobile devices. Due to the rise in mobile medical practice such as Apple Watch, Fitbit, and other methods to track ones medical information, these devices are easily hackable. Laptops are another potential because of the access a patient can have to their online medical records. Between January 2015 and October 2017, there have been 71 reported breaches which involved laptops, smartphones, tablets and portable storage. These breaches have exposed nearly 1,303,760 patient information including plan numbers and records.  The table below shows the impacted organizations and the penalty that was handed down for failing to comply with HIPAA. Covered Entity HIPAA Violation Individuals Impacted Penalty Children’s Medical Center of Dallas Theft of unencrypted devices 6,262 $3.2 million Oregon Health &a
Read more

Research Topic- 2nd Draft

Image
Medical quality varies from what we get in the United States versus our neighbors such as Canada. If the United States and Canada can agree one thing, it’s that neither countries want the others system. Canada who practices a single payer system while the US follows who ever can afford the care. The United States has the capabilities of providing the world’s best care with the technology we have and the innovation that is around us, Canada has the same capacities but the difference comes in the cost and how that treatment is given. Quality between the two nations is significant. It is a misconception that in Canada has waitlists for all sorts of medical attention. In some capacity that is true, just like in the United States. Many US citizens are having to cross the border to Canada to receive a treatment at a much less cost and a much better quality. Canada in the recent years has become one of the countries that is at the bottom of the list for quick access to a healthcare provide
Read more