It’s a general consensus that banks and financial institutions have a lot to lose financially from being hacked into, however people tend to forget how much Personal Identifiable Information (PII) the health industry holds and just how valuable that is! Think of all the PII a hospital or clinic holds on its staff, patients (past and present) and the community!
With the recent global cyber attacks that have occurred in over 100 countries – in the UK, hospitals around the country were hacked – now, data security is more important than ever, especially for health and aged care.
Due to the hackings, operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Health care staff typically have access to sensitive personal information on a large number of patients, which makes their devices prime targets for hackers looking to steal that information.
Hacking has become a multimillion dollar business with Ransomware attacks on health care organisations four times higher last year than in 2015. It is an extremely worrisome shift towards targeting vulnerable hospitals and health care clinic devices to gain access to personal information. In the past week Emory Healthcare was hit by Ransomeware with over 200,000 patients detail hacked!
Doctors, nurses and staff can protect sensitive patient information, as well as their own reputations, by sticking to some common-sense guidelines.
Encrypt laptops and other devices so that the information on them will be unintelligible to anybody who steals them. Without an encryption key, data on an encrypted device will be nothing more than ones and zeros.
Recommendation: Utilise built-in encryption programs that are available on most modern operating systems if you don’t have the budget for an enterprise-grade solution.
Army grade encryption will not keep a hacker out if you use weak or easy-to-guess passwords, remain logged into public devices or if your anti-virus software is outdated.
Recommendation: Install system updates regularly and maintain the latest version of your anti-virus programs. This will ensure the latest threats to your data and your operating system will be caught by your security software. Don’t let convenience trump good security.
Practice safe surfing. It is imperative to remain vigilant and to be able to recognise phishing scams, where hackers send emails with links or attachments that trick users into giving them access to their information, either by providing their credentials to a bogus web site or by executing malicious software on their machine.
Recommendation: Since these can spread easily among coworkers, we recommend IT staff provide professional security training/guidelines to get all staff members up to speed on this threat. To enhance the barriers for staff, patients and guests to surf outside the flags Trident Health recommends considering anti-virus, anti-spam and web content filtering controls.