Increased Cyber Threat in Healthcare : A Communication Issue

Cyber-attacks are a problem for any organization that shares information over the internet. Lately, the healthcare industry is becoming a major target of cyber predators. But, the key to defending against such attacks may not lie within the IT department. It may be a communication issue.

The Increased Threat

The cyber threat to healthcare is increasing at a significant pace. One report cited 22 major public breaches in the past 14 months. That is more than one major breach each month. Additionally, 88 percent of all healthcare manufacturers have had malware infections. Further, 96 percent of all ransomware affecting the healthcare industry targeted medical treatment centers.

It’s Not Just an IT Problem

As the report cited above suggested, the healthcare industry’s most significant vulnerability may not be within their IT departments. Such departments may have their security apparatus up to date with the latest security standards. The technical side of their cyber security may be state of the art.

As one senior healthcare official stated, cyber criminals are attacking the healthcare industry from every angle. And it appears that the key vulnerability is not technical. It can be hard to infiltrate systems through high-tech attacks. So, cyber criminals often resort to a low-tech approach. They gain access to systems through members of the organization. The method is social engineering. Social engineering involves a form of psychological manipulation to gather information or gain access to systems.

Unfortunately for the healthcare industry, healthcare personnel generally rate low in social engineering awareness. The report cited above suggested as low as 15^th out of 18 industries reviewed. A survey of nearly 200 healthcare organizations found that their IT personnel considered “social engineering attacks were the most common security threat across all organizations and ransomware was the most common security exploit.”

[Tweet “Social engineers use communicative techniques to gain information from unsuspecting workers.”]

Communication Is Both Problem and Solution

Stopping cyber threats through communication. So, the problem is not technical, it is personal. The problem and the solution is communication. Social engineers use communicative techniques to gain information and access from unsuspecting workers. While they do not realize it at the time, these unsuspecting workers become insider threats to their own organization’s IT infrastructure.

Some might find this strange that healthcare workers tend to be particularly vulnerable to social engineering attacks. After all, they understand such concepts as patient privacy and confidentiality. And they receive recurring training in protecting patient information as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA provides guidelines for data privacy and security provisions for safeguarding medical information.

Social engineers are crafty and careful. They also have an unlimited number of approaches they can use to avoid going near HIPAA-related discussions. Healthcare workers trained to be aware of HIPAA security guidelines will often let their guard down when the topic of discussion seems benign.

Intelligent Communication

So, how can healthcare organizations increase their defenses against this low-tech form of cyber-attack? First, they can improve their employees’ communication skills. They can make them aware of influence and elicitation techniques used by social engineers. Additionally, they can train their workers in defensive techniques, counter-measures and reporting requirements.

There are added benefits to this approach. Learning communication skills can make workers better at stopping social engineering attempts. But it can also improve their overall work performance. They learn to listen better and express themselves more clearly. Teamwork improves, as well. Additionally, workers may discover benefits in their personal lives. A good personal life can contribute to a better work life.

We would love the opportunity to work with your people to improve their communication and defense against social engineering attacks. Contact us for a consultation.

Be swift to hear and slow to speak,

rjm