We all read the reports of healthcare data breaches and cybersecurity attacks, but did you know that, according to a 2017 report from Accenture and the American Medical Association (AMA). 55% OF PHYSICIANS SAID THEY HAD EXPERIENCED A HEALTHCARE PHISHING ATTACK?

In addition, approximately half of those surveyed said a computer virus led to a cybersecurity attack. With so much at stake, we cannot assume our providers and employees know what to look for and be aware of…we have to adequately train them. And not just train at the time of hire – training should be periodic and ongoing. The healthcare arena is an attractive target for cyber criminals and organizations have the high level of responsibility of safeguarding protected health information. With phishing attacks becoming more sophisticated and harder to detect, the Office of Civil Rights (OCR) note in their recent cybersecurity newsletter, “One of the primary methods of combatting phishing attacks of all kinds is through user awareness.”

The OCR offers tips to avoid becoming a victim of a phishing attack, which include:

• Be wary of unsolicited third party messages seeking information.
• Be cautious when responding to messages sent by third parties as contact information listed could redirect you to the malicious party that sent the phishing message.
• Be wary of clicking on links or downloading attachments from unsolicited messages.
• Be wary of even official looking messages and/or links. Phishing messages may direct you to fake websites mimicking real websites using website names that appear to be official, but actually contain intentional typos to trick individuals.
• Use multi-factor authentication.
• Keep anti-malware software and system patches up to date.
• Back up your data.

Here at Compliatric, we also highly recommend periodically performing phishing simulation tests that mimic real-life attack tactics, the results of which can be shared for increased awareness and education.