By John Harris, chief technology officer, SIGNiX
The number of ransomware emails jumped 6,000 percent between 2015 and 2016, per an IBM Security study. To put that into perspective, SonicWall reports there were 3.8 million ransomware attacks in 2015 and over 638 million in 2016. Despite the staggering increase, ransomware attacks are expected to continue rising in 2017, with some analysts expecting them to double.
Of all the industries targeted, healthcare is particularly susceptible to such attacks because it relies on having access to critical information at all times. But ransomware isn’t the only cyber-attack hitting the healthcare industry — there’s also malware, phishing, Distributed Denial of Service (DDoS), and more. In fact, 89 percent of healthcare organizations have experienced some type of data breach that resulted in stolen or lost patient records, according to Healthcare Dive.
So how can healthcare organizations protect private patient information from cyber criminals? Following are five ways.
Equipping your people with the knowledge and skills to defend against an attack should be a key part of your cyber protection strategy. Train employees to identify red flags in their email, because email is one of the most common methods used to spread cyber-attacks. Phishing emails can be difficult to detect, but misspelled words, links, or domain names will often reveal a fraudulent message.
As you educate your team, implement guidelines to govern how they handle data, such as not sharing passwords and requiring multi-factor authentication to access files, to further protect patients’ privacy.
With digital signatures, patients can complete, sign, and submit paperwork online before their arrival. Not only does this save time for both the patient and the provider, it’s also more secure. Instead of putting that sensitive information on paper, which is handled and seen by numerous people, it can be securely uploaded to a cloud-based system that can only be viewed by authorized users. Few e-signature technologies allow you to comply with HIPAA regulations, so it’s important to look for a platform that includes identity verification, tamper-evident technology and a comprehensive audit trail that records each step of the signing process.
Healthcare organizations rely on different software vendors to handle various processes like billing, document management, and more, so making sure their security standards meet yours is a key factor in your organization’s cybersecurity program. Before selecting a new software vendor, be sure to do your homework. Identify the key privacy and security features your organization needs, and don’t settle for a vendor that can’t live up to your standards.
It’s not uncommon for an organization to keep more than one copy of data or documents containing confidential information, and sometimes unnecessary copies are maintained outside of the enterprise’s control. For example, e-signature vendors frequently store e-signed documents so the document and signature’s legal validity can be verified. With a true digital signature, however, the necessary legal evidence is permanently embedded in the document maintained by the healthcare entity or its storage provider, and the digital signature vendor can delete its copy with no loss of legal proof. By limiting your data footprint, you can decrease the risk of your data being wrongly accessed.
The risks of a cyber-attack are too great to ignore, especially when patients’ privacy is on the line. By implementing these steps, healthcare organizations can better defend themselves against costly, interruptive data breaches and focus on what they do best — serving patients.
About The Author
John Harris is the chief technology officer at SIGNiX, the first independently verifiable digital signature company in the U.S. that makes signing documents online safe, secure, and legal for any business. Learn more about what makes SIGNiX different at www.signix.com or on Twitter at @signixsolutions.