Top Ways to Protect Your Email—and Your Practice—from Cyberattacks

Robert McDermott

CYBERCRIMINALS use email as a back door to gain access to highly lucrative protected health information (PHI). They don’t just steal PHI for a one-time ransom payment; they also sell patient data on the dark web. And they can take it one step further by turning their email attacks directly on the patients whose data they have just stolen.

This means your practice is vulnerable both to potentially huge financial payouts to criminals and to penalties for a significant breach of HIPAA privacy. The level of HIPAA fines depends on factors ranging from the number of records stolen to the safety precautions that were in place to protect patient information in the first place.

Understanding what cybersecurity threats exist is fundamental in being able to protect your practice and patient data. Two of the bigger threats are described below.

PHISHING ATTACKS

Fake emails and fake websites are designed to fool individuals into providing data to what they believe is a trusted source, such as a business or person with whom they are familiar. With the recent rise of “spear phishing,” cybercriminals target specific individuals by name, title and other personal details. This information is often pulled from social media accounts and other online sources. These emails can look convincingly authentic. If you take the action requested, ransomware may have just infiltrated your system.

RANSOMWARE

Ransomware is designed to lock your systems or encrypt your data, which prevents your organization from accessing and using it until a ransom is paid.

Ransomware, and the groups that utilize it, usually enter through end-user access. This may include phishing attacks to get login credentials, often without the user knowing it. This way, cybercriminals gain access to your system with the ultimate goal of controlling it.

FIVE TIPS FOR IMPROVING EMAIL CYBERSECURITY IN YOUR DENTAL PRACTICE

1. Train your team

Cybercriminals capitalize on human action (that is, human error), so training your team is among the most important email cybersecurity steps you can take. The attacker's goal is to get you to share things you shouldn’t, like passwords, credit card or bank information. Learn to recognize signs of phishing and spear phishing attempts.

2. Use encrypted email

Protected health information should not travel in or out of your general email inbox (Gmail, Yahoo!, etc.). HIPAA-encrypted email can protect your accounts from unsolicited emails, which means malicious messages will never make it to your inboxes. Remember, encryption is a critical factor but can’t operate on its own. If you’re using popular “straight-out-of-the-box email services,” there is a very low likelihood you’re meeting all HIPAA requirements.

An important additional level of PHI protection comes with using cloud-based email software that stores all of your ePHI at secure, remote data centers (not on the server in your back closet).

3. Limit cybercrime access points

The safest HIPAA-compliant email meets all HIPAA safeguards, transmits across a private encrypted network (not the public internet) and encrypts email both in transit and at rest in your inbox.

4. Control your inbox

HIPAA-compliant email that requires you to initiate the first email communication with anyone outside your network is the most secure way to know that the email you receive comes from a trusted source.

5. Work with partners who provide and clearly prioritize strong security

As with any business partner, you want to do your due diligence. Do your research, and consider their reliability, security and expertise. A failure on their part to secure data is, ultimately, a failure on your part.

There are a lot of measures you can take to ensure the safety and security of your dental practice and the sensitive data contained within. While no measure is foolproof, implementing risk mitigation efforts is required not just by law, but by your commitment to your patients, your team, and your practice.

Mr. McDermott is president and CEO of iCoreConnect. NYSDA endorses iCoreExchange HIPAA-compliant email. iCoreExchange not only meets or exceeds every compliance and security requirement; it also allows you to attach as many large files as you want to any single email. Book a Demo or call 888.810.7706. NYSDA members receive a substantial discount on iCoreExchange.
