The top cause of HIPAA breaches in the healthcare industry is due to insider threats. Oftentimes, this is accidental. Employees may snoop on medical information, send PHI to the wrong recipient, or click on a phishing email, posing a real threat to their company.
No matter the reason, insider incidents continue to be the top cause of breaches in the healthcare industry.
In fact, email fraud attacks have increased dramatically in the healthcare industry. One report shows that healthcare email fraud attacks have increased 473% over the last two years.
Email attacks are not uncommon due the ease in which hackers are able to generate a breach. These attacks are inexpensive, highly targeted, and have a high success rate. Emails are also attractive to hackers because they house a large amount of sensitive and personal information.
Employees continue to fall victim to business email compromise (BEC) but this does not mean that employees are unintelligent. These attacks are cunning, clever, and often appear legitimate. Employers should provide their employees with enough cyber security training to help prevent the success rate of email fraud.
Although it may appear that way, no phishing email is perfect. There are ways that your organization can avoid falling victim to email attacks.
- Make sure you recognize the sender’s email address. Phishing attacks often use public email addresses or spell words incorrectly.
- Do not open strange attachments
- Phishing emails will create a sense of urgency to verify information. Do not verify your information through the email or click on any links. Verify the need for updated information from a direct supervisor.
- Phishing emails typically contain poor grammar or misspellings. Writing style can be a large giveaway to a phishing attack.
- Always report a suspicious email to your organization’s IT team.
Project Hosts provides your organization with a strong cyber security force. We monitor your environment 24/7, to ensure that systems are functioning correctly and that no suspicious behavior is detected. We are HIPAA and HITRUST compliant, adding an additional level of protection to your data.