How to Protect Your Organization from the Next Phishing Scam

Posted by Ken Reiher

Gerry Blass, President & CEO, ComplyAssistant

Jason Tahaney, Director of Technology, Community Options

In today’s world, it’s easier than ever for hackers to take advantage of organizations online. Recent examples include the Colonial Pipeline attack and the Scripps Health EHR breach. The repercussions of both attacks—which include gasoline shortages up and down the East Coast and disruption of the EHR, website, and patient portal—continue to be felt long after the bad actors have done their dirty work. So, what can organizations do to protect themselves from the next phishing scam?

Challenges in the Healthcare Industry

In a recent edition of HCPro’s Revenue Cycle Advisor, ComplyAssistant’s very own Gerry Blass and others in the industry spoke to the challenges that HIM professionals have faced in light of Cofense’s 2020 Annual Phishing Report. They also offered insight and perspective on how to mitigate these challenges.

Specifically, the report found that credential theft is the driving source of phishing attempts, at 59%. Business email compromise made up 15% and malware 5%. The share of business email compromise was significantly higher in healthcare than in any other sector.

Blass explained that a big reason for this is that many healthcare providers are distracted as a result of the COVID pandemic. Given the rise in telehealth and remote workers, hackers are more motivated than ever to carry out different attacks. “I wouldn’t think that other industries are as distracted as healthcare workers, overall,” Blass said.

Phishing Scam Precautions for Health Organizations

As outlined in the article, there are some precautions that industry leaders can take to ensure they are not the next victim of a phishing scam. These include:

  • Know the signs. Recognizing what phishing attempts look like is one of the best ways to combat them. Train employees to know that if they click on a link that takes them away from your company’s system and asks for a username and password, it’s probably not secure.
  • Brand your login page. The Cofense report highlights the fact that it’s easy for hackers to mimic the generic Microsoft login page. However, if your page has a unique logo, this is harder to get away with. Investing in some simple branding can save a lot of headaches.
  • Target training. General training is always a good idea, but targeted training helps to hold employees accountable for the specific area of training that they need. “I would go out on a limb and say it’s more important to target your most [targeted] individuals than the broad training,” said Jason Tahaney, director of technology at Community Options.

To learn more tips for phishing protection at your organization and to read other highlights from the Cofense report, view the full article here.