April 17, 2018
How Your Employees are Unknowingly Putting Data at Risk

Like most criminals, the shady characters who are out to steal your data will be much more likely to succeed if they have an accomplice on the inside. Unfortunately, there’s a good chance they’ll find more than a few accomplices on your staff.

Of course, the employee who ultimately opens the safe and green-lights the thieves probably won’t do it deliberately. He or she probably won’t realize how it happened, but the damage will be just as complete as if the employee were in on the caper.

Inviting target

To the would-be data thief, healthcare is fertile territory. Policies are often lax or loosely enforced. Employees are often overconfident and/or naive. And the number of entry points that can lead to breaches is disconcertingly high.

One survey found that healthcare ranked 15th of 18 industries in regard to the security risk known as “social engineering” — the buzz phrase describing vulnerability to schemes that manipulate employees into divulging confidential or personal information. The survey “show[s] that security awareness and employee training are likely not sufficient,” says Alex Heid, Chief Research Officer at SecurityScorecard, which monitors security risks. “Security is only as strong as the weakest link,” he adds.

Epidemic of infections

Those weak links — unwitting employees — have played a part in 52% of all data breaches, a CompTIA study finds. And the relative ease with which nefarious actors have managed to hack healthcare facilities has reduced the unscathed to a small minority. According to the 2016 Healthcare Industry Cybersecurity Report, more than 75% of the entire healthcare industry had been infected with malware during the previous year.

How do unwitting employees get taken for a ride? Here are just some of the ways:

  • Phishing (or spear-phishing) scams. Phishing attacks are increasing and evolving. In 2016, one of every 131 emails contained malware. Some are obvious. Some are less so. Either way, once a targeted recipient takes the bait and opens a malicious attachment, malware installs on the system and the attacker can begin to move toward his objective. “Employees are often the lowest-hanging fruit when it comes to phishing, spear-phishing and other social-engineering attacks,” says Mr. Heid. “For a hacker, it only takes one piece of information … to exploit an employee into divulging sensitive information, or to provide an access point into that organization’s network.”
  • Personal devices. Smartphones, laptops and USB drives can be security nightmares. People visit questionable sites, download unverified applications and fail to lock their devices with passwords. If they then shift into work mode, they can expose their employers to the malware or spyware they’ve unknowingly brought with them.
  • Weak passwords. Believe it or not, a 2016 study of 10 million passwords found that one in six people were using “123456.” Worse yet, the list of the top 25 most popular passwords, which accounted for more than half of all passwords overall, included such ridiculously easy-to-crack variations as “111111,” “password,” and “654321.”
  • Questionable browsing. Websites that let users download movies or music are especially risky, say experts. So are adult websites, which should probably go without saying.
  • Social media. Cyber-attackers are on the lookout for information they can use to help launch phishing attacks — a photo of an office setting or excessive information about one’s job, for example. Harmful links and downloads abound on social media, as well.
  • Unsecured wireless connections. Most people either don’t know or underestimate the dangers involved in using public Wi-Fi. A recent survey found that 87% of American consumers had used it at one time or another, and more than 60% assumed it was safe.
  • Free software. Conscientious employees may be tempted by programs that provide simple services, such as converting Word files into PDFs, for free. But a free program may be more likely to contain malicious code.

Don’t just educate

Many facilities are recognizing how vulnerable they are, and wisely employing technology to protect coveted data. But unless they make sure employees clearly understand the dos, the don’ts and the dangers surrounding data security, thieves will continue to see healthcare as an easy and profitable mark.

How can you beef up your defenses where employees are concerned? Ongoing education and training are essential, but don’t settle for a classroom Q&A, says security expert Marc van Zadelhoff, writing for the Harvard Business Review: “User awareness programs are the key to educating insiders. Train your people, test them, and then try to trick them with fake exercises.”

Doing so requires work and perseverance, he says, but the extra effort will have a disproportionate positive impact on the safety of your data.
