
How to fend off a hacker

It’s estimated that 95 percent of targeted attacks against an organization begin with an unsolicited email.

Published Aug 30th, 2019

We’re all on the front lines when it comes to cyber-attacks. Any USA Health workforce member (employee, student, contractor, etc.) who interacts with an email by clicking on a link or opening an attachment could inadvertently expose USA Health data to a hacker.

The healthcare sector saw 15 million patient records compromised in 503 breaches in 2018, according to the Protenus Breach Barometer. By the end of June 2019, the numbers had soared with potentially more than 25 million patient records breached.

“Both ransomware and phishing attacks are increasingly common and are having devastating effects on businesses of all sizes,” said Linda Hudson, Chief HIPAA Compliance Officer at USA Health. “Fortunately, there are ways to assist in identifying these attacks and prevent them from succeeding.”

The Office of HIPAA Compliance urges all employees to “think before you click.” Users are urged to send any suspicious correspondence to hsis.emailreview@health.southalabama.edu and allow for a review of the potentially malicious email before clicking. Taking these few extra moments to send an email for review could help thwart an attack and prevent a breach.

It’s estimated that 95 percent of targeted attacks against organizations begin with an unsolicited email, meaning an email the recipient did not expect to receive, Hudson said. If it’s opened, a phishing attempt (an effort to get the user to provide sensitive personal information such as usernames and passwords) could succeed, or ransomware (malware used to make data inaccessible) could invade USA Health systems.

“Criminals know healthcare organizations must have access to their systems and that the data they store is worth a lot of money to criminals,” Hudson said. “They target them as potential victims, because they know the data is crucial and lucrative.”

Employees should take these precautions to help prevent cyber-attacks, both at home and at work:

  • If you do not recognize the sender, don’t click on any email attachment or link. You should always hover your mouse over the email to ensure that the sender is truly who it says it is. Hackers often “spoof” (fake) email addresses and links to make them look like something they are not.
  • Be wary of any email with a sense of urgency, one that requests personal information, or one with an offer that appears too good to be true.
  • Emails containing threats from companies such as banks, delivery services, credit agencies and the government thrive on your fear and knee-jerk reaction.
  • Watch for email addresses that are close but not exact, misspellings or logos that seem off.
  • Use a pop-up blocker.
  • Do not “run” or “enable” macros.
  • Install security updates when prompted. Update third-party applications such as Adobe, Java, Word and Excel.
  • Do not install software from untrusted sources.
  • Back up all critical data. HSIS takes care of our infrastructure, but if you are responsible for an individual system or application, make sure that backups are completed and validated on a set timeline.
  • If you think you have clicked on a malicious link or attachment, unplug your machine and disconnect from wireless.
  • Forward any questionable emails to hsis.emailreview@health.southalabama.edu or call the HSIS Help Desk at 251-445-9123 or Office of HIPAA Compliance at 251-445-9192.
