The easiest and most direct route into your IT system for Cyber criminals is through your email. It is open to security threats such as ransomware, phishing and other malware. And the healthcare industry is a prime target for Cyber attacks.
The problem with email
Cyber crime has evolved as ransomware developers realised that they could make more money from businesses and large organisations with lucrative data and deeper pockets than individual people. Previously, ransoms were for small amounts of money, but newer viruses have bigger demands, such as WannaCry which is reported to have cost the NHS £92m in 2017.
The problem continues to grow. Hackers are now increasing revenue streams through ransomware-as-a-service (Raas) – where they share profits from the distribution of malware.
Not only this, but ransomware is being more targeted – and demanding varying ransom amounts depending on the perceived value of the data that it finds.
Attacking your email
Spear phishing is one of the most common methods of ransomware attacking your IT systems. This is when an email with a malicious attachment is sent to you. If you open this, it attacks your system and spreads the virus.
It is attacks like this that take advantage of human error and IT systems that are not up to date. Being vigilant and suspicious of all emails you receive until you are sure that they are genuine is key. So too is installing security patches and software updates on your IT systems.
Protect your practice
There are a whole host of companies, software options and techniques out there that can help you protect your practice from an attack.
Some suggestions for reducing your risk:
- Implement a robust security policy which has been devised by experts, and is regularly reviewed and updated as technology and Cyber crime evolves. Make sure your whole team understands the policy and their responsibilities in preventing attacks.
- Staff training is important so that people know what to look out for in a suspicious email.
- Using collaborative technology that allows you to share documents without the need for attachments (such as Microsoft SharePoint).
- Increase your email system security, for example by using an email gateway that scans incoming emails for potential threats.
For everything else there is Cyber liability insurance
The consequences of a Cyber breach are far reaching. Your patient data can be held to ransom, it could be sold to criminals, and it could be lost to you. This affects your patients, your finances, and your reputation.
Even if you have the best security defences, you cannot plan for everything. In the event of a successful attack, are you prepared?
Your Practice insurance may or may not give you a certain level of cover in the event of a Cyber claim. However, to truly have full support in time of a security breach, you should choose a specialist Cyber liability policy.
As well as defending legal proceedings, paying compensation and managing the process to follow after an attack, you will also get help and advice on how to improve your Cyber security.
Find out more about Cyber liability insurance.
Alternatively, call us to chat through your practice’s requirements.