Phishing and ransomware are not new concepts in 2020, but there is a new target for cyberattacks in late October – U.S. healthcare.
On Oct. 28, 2020, the Department of Homeland Security issued a formal alert in partnership with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) about “increased and imminent cybercrime threats” to U.S. hospitals and healthcare providers.
In the alert, they outline guidance on how organizations can protect themselves against attacks. Here are a few key aspects where SAI360 can also help prevent these digital risks.
1. Develop an active business continuity plan
CISA, the FBI, and DHS encourage organizations to maintain business continuity plans, the practice of identifying potential risks to executing essential operational functions through emergencies such as cyberattacks, to minimize service interruptions.
Ideally, a business continuity plan should be a living document, reviewed on a regular cadence so that your organization can try to prepare for potential interruptions (and 2020 has been full of them).
These are just two of the many BCM and risk management tools that our team provides to help you establish a strategy for operational resilience – browse our additional insights, including the key risks to watch through the end of 2020.
2. Educate your employees – then remind them
Training and awareness about cybersecurity threats at work aren’t once-a-year events. Cybercriminals are always changing their tactics, and you need to keep employees informed. It’s one thing to block incoming suspicious emails to try to prevent phishing and ransomware; this year’s attacks are using social media and messaging apps and relying on our interwoven our personal and professional contacts.
Because end users are often targets, regularly update employees and stakeholders to make them aware of what the latest cyber threats look like and how they are delivered. Additionally, provide users ongoing training on information security principles, techniques and emerging cybersecurity risks and vulnerabilities.
3. Create a hotline
Ensure that employees know who to contact when they see suspicious activity or believe they have been a cyberattack victim to ensure you can deploy a proper, established mitigation strategy quickly and efficiently.
This year has pushed us all to adapt to many new digital experiences and, for many of us, remote work interactions are our new normal. In the healthcare community, this means more email communications between patients and providers, opening a whole new set of access points cybercriminals are using to gain access to sensitive data.
- Cybersecurity tips for healthcare compliance and privacy officers from Richard Kusserow of Strategic Management Services
- Learn more about our solutions for risk management.