In Verizon’s 2017 Data Breach Investigations Report, the findings suggest that ransomware is on the rise. Covered entities and business associates need to utilize more HIPAA compliance training resources to ensure their staff know how to protect against the growing number of cyber-attacks.
Last week, news about the WannaCry ransomware attack had many health care entities scared, and rightfully so: cyber-attacks are on the rise, patients’ health information is at stake, and severe financial losses await ill-prepared organizations. Health care organizations of all sizes must take steps to protect themselves from these attacks.
In its breach report, Verizon identified several cyber security trends. The report states that about 75 percent of all breaches were perpetrated by outsiders, 62 percent were caused by hacking, and 51 percent of the breaches investigated included malware. Additionally, 66 percent of malware was installed through malicious email attachments.
The top 39 percent of breach victims were financial and health care organizations and 73 percent of the breaches were financially motivated. There is a lot of information in health records that malicious hackers can use to acquire more money. Even if account information is not provided, much of the information in health care records, such as name, date of birth, and residential address, can be used to gain access to other accounts. If the Social Security number is included in the health records, it’s even easier for hackers to get into a patient’s bank account.
The Data Breach Investigations Report also suggests most breach victims are businesses with fewer than 1,000 employees. Cybercriminals are now targeting small to medium-sized businesses because these businesses often don’t feel like they will ever be victims.
Additionally, the report states “that around 1 in 14 users were tricked into following a link or opening an attachment- and a quarter of those went on to be duped more than once.” This suggests that users are not always aware of what they are clicking on. Employees should receive training on how to identify and handle phishing emails.
HIPAAgps provides an extensive HIPAA compliance training module to help health care employees know what malware is and how to handle cyber-attack situations. Along with this training module, health care organizations can contact MainNerve for more specialized cyber-security training. Start learning today what you can do to protect your organization from malware attacks.