HELPING HEALTHCARE PROVIDERS UNDER CYBER ATTACK
The healthcare industry is under cyber attack. It is the victim of high-profile ransomware attacks - in some cases, such as the recent WannaCry outbreak, entire hospital operations have been shut down. And some of the largest breaches on record have targeted health insurers and patient care facilities. This is no surprise when the value of protected health information (PHI) on the black market is at least 10X higher than credit card data. Customers like Methodist Le Bonheur Healthcare have turned to Mimecast as the number of phishing and malware links coming in via email have increased. Given the number of breaches we see posted every month on the HHS website, it’s clear that just training employees isn’t enough.
At the center of this crisis are healthcare providers. You are providing critical care; you are the custodians of highly sensitive patient data (because it's impossible to imagine a scenario where highly skilled medical staff wouldn’t have access to personal and medical details), and you are handling the post care activities from the post-op follow-up to billing.
HIPAA security standards specify the necessary steps a healthcare organization must take to protect PHI. But busy staff members are bound to make mistakes. With the ubiquity of email, it’s not uncommon to see breach examples of an employee accidentally attaching a spreadsheet or document containing PHI.
Unfortunately, it’s also not difficult to find examples of employees abusing their access to PHI and systems. At the end of July, it was widely reported that an employee of the services firm LaunchPoint may have exposed PHI of more than 18,000 patients by sending a file with patient data to a personal email address.
To prevent brand damage, fines, and audits, healthcare organizations must actively seek to identify and prevent PHI from leaving the organization without the proper encryption and safeguards in place. This is just as essential as securing PHI against external attackers. However, both can be an impossible task without the right technology. Even the savviest of healthcare providers don’t have time to assess the risk of every email you receive and every link and attachment you click on, or verify and encrypt everything you send, or spend countless hours in training.
That is why, as an evangelist for the healthcare practice at Mimecast, we are working with leading healthcare organizations to help build on the vision for cyber resiliency. So, that you, the healthcare providers, can focus on the critical care we rely on.
Love to Learn AboutCyber Resilience for Email?
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly