Healthcare organizations have been under attack in 2020. In addition to the debilitating COVID-19 virus that overran hospitals and doctor’s offices, they have been under an onslaught by cyber-related attacks.
Ransomware has skyrocketed, so much so that the U.S. government has issued official warnings about it. There have been large breaches at major hospitals and pharmaceutical companies. In 2020, a ransomware attack claimed its first fatality. (After a ransomware attack closed down a nearby hospital, a German woman seeking treatment had to go to a more distant one.)
These attacks have many vectors, but the top one, by far, is email. If email is not protected, breaches will happen. And in healthcare, that leads to the release of sensitive information.
The rise of email-related breaches in healthcare has been staggering. In 2012, according to data from the U.S. Department of Health and Human Services, just 4 percent of breaches involved email. In 2020, that number, according to an Avanan analysis of HHS data, reached 42 percent.
In order to take stock of the larger phishing problem, Avanan released a white paper that discusses email, ransomware, DLP and ePHI issues in the healthcare space. Additionally, we’ll discuss how HHS has failed to describe how organizations should best protect themselves while staying HIPAA compliant. Also, we’ll discuss the best ways to protect your healthcare organization.