Human Error: How Your Own Staff Puts Your Practice at Risk

Healthcare: A Cybercrime Hotspot

You want to focus on your practice but you don’t want to let your guard down when it comes to IT security.

With over 100 million records breached, the healthcare sector is the top-most target of cyberattacks at one point, according to the IBM X-Force Cyber Security Intelligence Index. 

Since then, healthcare providers have tightened the IT security of their practices. However, the healthcare industry has always been one of cybercriminals’ favorite targets, not even sparing small clinics and hospitals from their attacks. 

With the coronavirus crisis, 2020 was one of the most challenging years for the healthcare sector. Cybercriminals taking advantage of the COVID-19 pandemic are only making things worse.

How can your own staff put your practice at risk?

Here are ways your employees can (deliberately or accidentally) put your entire practice at risk and ways on how to prevent them:

Scenario 1: A scammer steals the credentials of one of your employees.

Credential harvesting (also known as password harvesting) happens where your employee unwittingly provides his or her credentials through a bogus site.

How could that happen? Here’s an example:

John receives an email saying there’s a problem with his G Suite account. The email directs John to a seemingly legitimate “G Suite” website that asks for his credentials for verification. John eagerly complies so he can sort the problem immediately.

Just like that, the scammer now has John’s credentials, and freely uses the account to send another set of emails to his entire organization to steal more credentials and other data that the scammer can get his hand on. That’s credential harvesting in action.

How to prevent credential harvesting:

Beef up your email security! Your IT staff should be able to assess the risk and create preventive measures to protect your company against this threat.

Ask your IT staff to do the following:

• Implement multi-factor authentication (MFA).
• Install an email security gateway.
• While you’re at it, you can also get G Suite Business plans with discounts from a certified G Suite reseller like ER Tech Pros.

Scenario 2: An employee forwards sensitive data to the wrong person

Whether it's a text, chat, or email, we've all made the mistake of sending a message to the wrong person.

However, this can cause irreparable damages when this happens in organizations handling sensitive information like clinics and hospitals.

How could that happen? Here’s an example:

Mary, a nurse working at Brookmaine hospital for over 5 years, is on the final hour of her long and stressful shift. 

She intends to send an email containing sensitive medical information of 100 patients to her supervising doctor. Due to exhaustion and lack of sleep, Mary unfortunately sent the email to an email group that consists of other health practitioners instead of sending it to the doctor. 

Mary notices this mistake the next day when the doctor asks her about the report. She sent another email to the recipients telling them to simply delete the email.

How to prevent sending an email to the wrong recipient:

Ideally, using an EHR integrated with collaboration tools can also help healthcare providers avoid this error.

If you’re already accustomed to using email as the main mode of correspondence, ask your IT staff to deploy an advanced email remediation tool. Already using Gmail? You’re in luck. Through your Admin Console, you can find and delete emails that shouldn’t have been sent.

While we can’t totally eliminate these instances from happening, costly mistakes can be significantly reduced with the help of this tool. You can work with your IT staff to remove malicious or undesirable emails from the inboxes of your members. 

When needed, you can also have the capabilities of monitoring emails coming and going to your organization. If that sounds like a lot of work even for your in-house IT personnel, consider partnering with a managed IT services provider (MSP) like ER Tech Pros that has IT experts ready to help you 24/7.

Most importantly, encourage your employees to practice good cyber-etiquettes and require them to attend cybersecurity awareness training, which can also be done by your IT personnel if they’re capable of doing so.

Scenario 3: A disgruntled employee blasts a profanity-laden email

We’ve already talked about scenarios with employees not intending to cause harm. But what about those (soon-to-be ex-) employees who hold grudges and want to take you down with them?

How could that happen? Here’s an example:

Due to the prolonged lockdown and tanking economy, Rudy was one of the unlucky employees who lost his job in his company. Understandably, Rudy was sad and disappointed. What rubbed salt to Rudy’s wound was finding out that some of his colleagues whom he thought were not as hardworking as him were able to keep their jobs.

Rudy was furious. He sat down at his workstation for the last time and typed an email not only cursing the company he used to love, but also exposed some of its not-so-ideal way of conducting business, it’s future plans, and other confidential information. 

Without hesitation, he sends the email blast to the entire organization, its clientele, and business partners.

How to prevent profane language in emails?

Email providers like Gmail have settings that can detect and block certain words which can help you prevent obscenities and harmful exchanges in your organizations’ email communication. However, this configuration is something that you need to tinker on manually. If you don’t have the time to undergo this kind of hassle, simply coordinate with your IT staff.

If you really want to save time (and money!) in the long run and still give a huge boost to your email security, MSPs can cover this for you with advanced email monitoring tools handled by their IT experts.

How your staff can improve when it comes to cybersecurity

Your employees are your biggest asset. You probably even treat them as family. 

Your asset can easily become your biggest liability if they aren’t capable of dealing with cybersecurity in your office—this could also include your in-house IT personnel, unfortunately.

What you can do:

• Place posters, bulletin board updates, and regular email blasts reminding them about cybersecurity best practices.
• Conduct cybersecurity awareness training. This should not be a one-time thing. This should happen regularly with exams and certification.
• If you need reinforcement or want to totally change your IT strategy, partner with a reliable MSP who can handle all of your IT concerns for you.

Before You Go: Special Offer for Our Cloud Clients

Now more than ever, your job as a healthcare provider should be your top priority.

We at ER Tech Pros provide quality IT services to our colleagues in the healthcare community.

We’re offering special rates to existing cloud clients! Sign up with ER Tech's IT services for as low as $40/desktop/month*!

• 24/7 Remote IT Support
• IT and Network Maintenance
• Account Management
  
  

We want you to experience excellent quality IT support...for free! So we’re offering a free trial—no strings attached. 

* Limited-time promo rate for MG Hosting/cloud clients who sign up for the three-year contract