protecting data against breaches, damages, and cybercriminal activity

Cybersecurity Strategies to Combat Cybercriminal Activities

Cybersecurity Strategies to Combat Cybercriminal Activities

Written By Chad Schiffman at Healthcare Compliance Pros

The Exponential Growth of Cyber Threats

Cybersecurity has been a hot topic lately and is frequently in the news by our government and various other high-profile organizations. Cybercriminal activity is predicted to be at an all-time high and to cost the world over $6 trillion this year. In a recent statement by President Biden, he stressed the importance of improving our domestic cybersecurity and bolstering our national resilience. In addition, he mentioned the majority of America's critical infrastructure is owned and operated by the private sector. This included the healthcare industry - an industry that had been a constant target for cybercriminals.

Protecting Against Cyberattacks

In a related publication titled, Act Now to Protect Against Potential Cyberattacks, organizations are encouraged to execute several steps with urgency:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
  • Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors;
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
  • Encrypt your data so it cannot be used if it is stolen;
  • Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents.

Building a Plan to Prepare Your Workforce

Workforce flow

Your organization's cybersecurity strategies to combat cybercriminal activities start with cybersecurity awareness. Cybersecurity awareness is important for everyone in a healthcare organization. Employees must know what's expected of them and the ramifications of non-compliance. This is part of "due care" and is especially helpful in the event of a liability case.

Cybersecurity awareness can be completed with online training, employee handbooks, posters, and other training aids. And at a minimum, initial and annual refresher training should occur - however, ongoing training/reminders are preferred, especially because cybersecurity threats are a constant.

Cybersecurity awareness training should teach employees about the most common and pertinent cyber threats. The most common way for bad actors to infiltrate an organization is through the workforce with tactics such as email phishing. In addition to phishing, ransomware, loss or theft of equipment, insider, accidental, or intentional data loss are common threats that can be mitigated with cybersecurity awareness training.

The U.S. Department of Health and Human Services (HHS) recommends the following steps:

  • Train staff to recognize email phishing techniques - employees should be aware of suspicious email addresses with urgent prompts and "too good to be true" messages. Anti-phishing campaigns with real-time training such as "take the bait" exercises are a good idea.
  • Educate employees on the risks of insider threats - employees should understand the security risks and the consequences of falling victim to an insider attack. Employees should understand how to report suspicious or malicious activity. Malicious activity should be investigated and logged by your organization's cybersecurity department.
  • Keep training constant to deal with the short shelf life of learning and development needs - this means providing effective and relevant training for your employees that offer continuous and ongoing campaigns to maintain awareness of current trends, issues, and events. The healthcare industry is constantly under attack from hackers that try to steal valuable Personally Identifiable Information (PII) and Protected Health Information (PHI). Training must be relatable to threats that affect their work environment every day to arm your employees with actionable steps that will apply to the current threats.
  • Train employees on password protection procedures - Regularly remind users that they must never share their passwords. Require each user to create an account password that is different from the ones used for personal internet or email access (e.g., Gmail, Instagram, Facebook). Remind them never to write their password down on paper where others in the office may have access to it.

Recommendations for Cybersecurity Best Practices

Cyber threats are constantly changing, and the threat to healthcare offices and organizations is real!

For more detailed information on "Cybersecurity Compliance," view the educational compliance webinar available on-demand (designed by our team of compliance advisors):

📽️ Watch Again: Replay the recording for "The Cybersecurity Webinar: How to Be Cyber Aware and Practice Safe User Habits" (05/03/2022), if you would prefer an audio learning style; or

📄 Check out PDF copy: Download your copy of all the Cybersecurity Webinar Slides (PDF), especially if you learn better from a printable version.

Webinar Cybersecurity

Webinar replay: Healthcare compliance experts on Cybersecurity - Watch the Zoom webinar here.