Data Security Tips for VHAN Members

Health care organizations store a huge amount of sensitive patient data, which has become a goldmine for cybercriminals holding health systems ransom with threats to use that data for identity theft, fraud and other malicious activities. Given the recent high-profile cases of Change Healthcare and Ascension, this special issue of the VHAN Practice Newsletter features ways to strengthen your organization’s cybersecurity policies and safeguard it from bad actors. We encourage you to share these helpful tips with members of your team.

Phishing Tactics to Watch

Hackers are increasingly targeting the health care industry with phishing attacks, aiming to steal sensitive patient information and disrupt operations. These attacks often come through emails that appear legitimate but are designed to trick recipients into providing confidential information.

Beware of these common phishing tactics:

  • Impersonation. Emails that seem to be from a trusted source, such as a colleague or a known organization, but contain subtle differences in email addresses or sender names.
  • Urgent requests. Messages that create a sense of urgency or fear, urging you to act quickly without verifying the request.
  • Links and attachments. Emails containing links or attachments that, when clicked or downloaded, install malicious software or direct you to fake websites.

Tips to Enhance Data Security

  • Verify before acting. Always double-check the sender’s email address and verify any unexpected requests for sensitive information through a separate communication channel.
  • Hover over links. Before clicking on any link, hover your cursor over it to see the actual URL. Look for discrepancies or unusual web addresses.
  • Educate your team. Regularly train staff on recognizing phishing attempts and the importance of data security. Conduct simulated phishing exercises to keep everyone vigilant.
  • Use strong passwords. Implement strong, unique passwords for all accounts and encourage the use of password managers.
  • Enable Multi-Factor Authentication (MFA). Adding an extra layer of security by requiring two forms of verification can significantly reduce the risk of unauthorized access.
  • Update software regularly. Ensure all systems, software and devices are up to date with the latest security patches to protect against vulnerabilities.
  • Report suspicious emails. Encourage staff to report any suspicious emails to your IT department immediately, rather than ignoring or deleting them.
  • Be wary of free software downloads. Many types of free software, such as PDF viewers, can harbor significant risks, including phishing attacks, malware infestations and privacy breaches. Consult with your IT team on safe software and remind your team to refrain from downloading these tools from the internet.

Email Best Practices for Members

  • Add info@VHAN.com as a contact in your address book and ask your IT department to “whitelist” memberadmin@ma.vhan.com to ensure VHAN messages are not treated as spam.
  • Use an organizational email address rather than a personal email address. Personal email accounts tend to have weak password security, making them more vulnerable to attack. Organizational email accounts usually have multiple layers of password protection.

Phishing attacks can have severe consequences for health care organizations, including data breaches, monetary loss and damage to patient trust. By staying informed about common phishing tactics and implementing robust security measures, you can protect your practice and maintain the confidentiality of your patient information.

For more information and resources on data security, Vanderbilt University Medical Center offers tips for avoiding phishing attacks and warns against the dangers of free software downloads.

© 2024 Vanderbilt Health Affiliated Network