From the Desk of Art Gross – ICYMI
Art is an industry expert on HIPAA, security, and compliance for healthcare providers. From early on, Art recognized the need to help protect patient data and comply with complex HIPAA security regulations. He leveraged his experience supporting medical practices, in-depth knowledge of regulations and information technology to form HPAA Secure NOW!.
We have been syndicating his column on HealthIT Answers since 2015. His articles are some of the most read on our site. Here are a selection of those articles.
Phishing Attacks on the Healthcare Industry
What is Phishing? Phishing is the practice of tricking users by imitating reputable companies in order to reveal personal or confidential information which can then be used in a more illicit manner. This is done via a deceptive email or website, and often in a combination of both. Spear phishing takes the manipulation one step further by making it a more customized and targeted attack on the individual. The email is customized to appeal to or target the individual rather than a broad and generalized message. The term ‘phish’, pronounced like fish, is based on the analogy of an angler throwing out the baited hook with the hope of getting a bite from an unsuspecting victim.
Why Do Hackers Love Healthcare?
Cybercrime. It has become a regular part of the conversation around healthcare. We are regularly presented with the stats, and we know that the risk is greater for our businesses when it comes to cybercriminal activity. WHY is that the case? While some factors may seem obvious, let’s look at some of the other issues in the healthcare industry that might be causing this increase in risk.
Protecting Against The Threat of Ransomware
Recently a memo went out from the White House and Cybersecurity and Infrastructure Agency (CISA) to industry leaders that emphasized the threat posed by ransomware within their businesses as well as emphasizing just how important it was to the current administration to prioritize the awareness. The memo also is putting the responsibility on the private sector to take ownership of their part of the equation in protecting themselves, and ultimately businesses, against the threat of cybercrime.