With cyberattacks now the leading cause of healthcare data breaches, according to a new study from the Ponemon Institute, practices of all sizes must train employees on how to protect sensitive information.
"Don't assume employees know about these risks," urged a recent post from American Express Open Forum. "Without formal awareness programs, employees are likely to make the same mistakes made by so many in other companies."
In particular, teach staff to be on the lookout for phishing scams, which led to a breach that impacted about 3,300 patients of Boston-based Partners Healthcare in November, Business Insurance reported. Although there has been no indication to date that patient information in that case was misused, compromised data included names, addresses, dates of birth, telephone numbers, some Social Security numbers, as well as medical details and health insurance information.
It is not unusual for even tech-savvy employees to fall for fraudulent emails that trick them into downloading a virus or sharing IDs and passwords with hackers, according to Open Forum. The following are warning signs of a phishing email:
- Spelling mistakes or generic language such as "Dear Customer"
- Threats such as "Act now or your account will be disabled"
- Requests for confidential information, including passwords and credit card details
- Suspicious links (hover over the link to see whether the actual destination matches the site the link claims to lead to)
These rules all apply even if an email looks like it's coming from a known or trusted source, as hackers often impersonate parties (e.g., hotels) discussed on social media.
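As an added example (not from the article, Open Forum, or any vendor it mentions), the following Python script applies the four warning signs above to a constructed HTML email; the indicator phrases and the `.test` domains are placeholders chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator phrases are constructed for this example, not taken from the article.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URGENCY_PHRASES = ("act now", "account will be disabled", "immediately")
CREDENTIAL_REQUESTS = ("password", "credit card", "social security")

class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs from <a> tags.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    # Lowercased hostname of a URL or of a bare domain string such as "www.example.test".
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()

def phishing_indicators(html_body):
    """Return the list of warning signs present in an HTML email body."""
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    found = []
    if any(g in text for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgency/threat")
    if any(c in text for c in CREDENTIAL_REQUESTS):
        found.append("requests confidential information")
    collector = _LinkCollector()
    collector.feed(html_body)
    for href, shown in collector.links:
        # The "hover over the link" check: the visible text names one site, the href another.
        shown_host = host_of(shown) if "." in shown else ""
        if shown_host and shown_host != host_of(href):
            found.append(f"link mismatch: shows {shown_host}, goes to {host_of(href)}")
    return found

# Constructed sample message; .test domains are reserved placeholders.
SAMPLE = ('<p>Dear Customer,</p><p>Act now or your account will be disabled. Confirm your '
          'password at <a href="http://login.example-attacker.test/verify">www.example-bank.test</a>.</p>')
```

Running `phishing_indicators(SAMPLE)` reports all four signs; a message whose link text and destination agree and that uses a personal greeting reports none.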
In addition, to make your practice less vulnerable to phone scams and risks associated with mobile devices, use the following safeguards:
- Ask all callers claiming to be from technical support to prove their identity before sharing requested information
- Implement mobile device policies that require encryption of sensitive files, give users remote-wipe capability, and offer secure email and texting
- Never use unsecured public Wi-Fi networks to access personal or sensitive information