When you think of cybersecurity, you might picture a hacker in a dark room trying to break through your computer’s firewall. While hackers do try to get into healthcare systems, the root cause of them getting access to information is often close to home.
Human error from employees is one of the greatest causes of data breaches. Actions of careless staff members can lead to data ending up in the wrong hands.
LINKS:
____________________________________________
https://etactics.com/blog/human-error...
____________________________________________
The first way that human error causes data to end up with hackers is from incorrect access. Employees might give account access or send information to the wrong person. They might have made a typo in an email address, or uploaded the wrong file. The recipient might decide to take advantage of this mistake and sell the data. But even if the recipient doesn’t abuse the data, it could still end up with a hacker. If the recipient’s account ever becomes compromised, then the hacker could easily access the information.
Sending any unencrypted data, whether it goes to the correct person or not, is a huge risk. Encryption scrambles information, and it requires a key to decrypt. That way, if someone without authorization intercepts the data, it’s useless to them without the key. But if data is unencrypted and a hacker intercepts the information or breaks into an account, it’s easy for them to steal.
Have you ever shared your Netflix account and password with someone?...Don’t answer that. Just know that if you did this with your organization’s accounts it presents a huge risk. The more people that have access to an account, the more devices and networks that could be compromised. There’s a major loss of control, and it’s impossible to protect the account from hackers if it’s on many devices and different networks.
Phishing attempts are such a common way that human error leads to hackers obtaining data. They’ll disguise themselves as trustworthy individuals so employees engage with their malicious emails. They may impersonate a work supervisor, requesting the employee to send protected health information. Or they may include links and attachments which, when clicked, allow the hacker to enter the network. Always check the email address from the sender to make sure a hacker isn’t impersonating someone you trust. Don’t click any links in an email you weren’t expecting or from someone you don’t know.
Neglecting updates is another easy way that hackers steal sensitive information. Systems and software will occasionally need updates. If they aren’t updated, they’ll stop working to protect data. There’s a reason why software applications send you those pesky update available notifications. Hackers know that outdated software has vulnerabilities, and they look to exploit this. The longer you wait to make updates, the more likely a hacker will get into the system and steal data.
It’s difficult to prevent lost or stolen devices. If they contain PHI and end up in the wrong hands, data will get stolen. But not if you have appropriate safeguards on devices. You should require a password on your device, sign out of accounts from all devices, change account passwords, and have data encrypted. This way, if your device does end up in the wrong hands, no one else will be able to access its data.
When you dispose of data records, they must be cleansed of all information or destroyed so that they’re completely unreadable. Even if electronic devices don’t turn on, their hard drives could be in perfect condition and full of data that anyone can access. This is why they need to be sanitized of all information. And if papers aren’t destroyed to the point of being unreadable, an unauthorized person could view them and then abuse the data.
Similar to this, if you leave data exposed, anyone without authorization could view or steal the information. Always keep paper records in locked containers or cabinets, and don’t leave them lying out on desks or in exam rooms. Lock all electronic devices when you leave the immediate vicinity.
Bring-your-own-devices are a risk for hackers gaining access to systems. They’re also more likely to be lost or stolen since they travel between work and home. Hackers can more easily break through device firewalls if they don’t have protection and safeguards once they leave company networks.
Abusing privilege is difficult to prevent because it’s entirely by choice. Some employees look at data out of curiosity and tell others about the information. Sometimes this is done just because the employee doesn’t know that it violates their policy.
► reach out to Etactics @ https://www.etactics.com
►Subscribe: https://rb.gy/pso1fq to learn more tips and tricks in healthcare, health IT, and cybersecurity.
►Find us on LinkedIn: / etactics-inc
►Find us on Facebook: / etacticsinc
Информация по комментариям в разработке