Ethical hackers say that phishing emails are the biggest risk to HIPAA compliance.

At Black Hat 2017, a hacker convention, Bitglass surveyed 129 White Hat* and Black Hat** hackers to determine the easiest ways to get into a network and gather information. According to the survey results, 59 percent stated that phishing emails are the best way to hack into a network. Our partners at MainNerve stated the same thing.

The issue with phishing comes from the fact that human error is always a concern. With the electronic society we now live in, the sheer number of emails an employee receives on any given day increases the likelihood that a phishing email will slip through the email and firewall filters and that an employee will open it. Once the email is opened, there could be malicious software attached, such as ransomware, or the employee may feel the need to respond with information that shouldn’t have been shared.

As soon as a hacker has the keys to the health care organization’s kingdom, it’s now a HIPAA compliance issue. Ransomware is a HIPAA compliance issue because patient information is now inaccessible. If a hacker gains access to the network, he or she may start harvesting information. Similarly, if a hacker gains access to an email account, any protected health information (PHI) contained in that account is now accessible to the hacker.

To help protect against phishing attacks and the severe risk to HIPAA compliance, start using the HIPAAgps training videos today.

*White hat hackers are ethical hackers: people employed to act like a malicious hacker to determine possible vulnerabilities and risks for organizations so remediation can be made.

**Black hat hackers are more malicious in that they tend to hack for personal reasons, though they may anonymously share what they learn for beneficial reasons.