Why Healthcare Is A Sitting Duck For Cyber Attacks, And What To Do About It

So-called social engineering attacks – including Phishing, Vishing/Smishing, Baiting, “Quid Pro Quo,” and Pretexting – don’t involve a technical breach in the engineering sense. Rather they are more in the mold of a traditional con, relying on human gullibility and human error. All organizations are potential victims of a social engineering attack, but there are factors in the US healthcare industry that makes it particularly vulnerable, according to a post from risk management consultancy and insurance broker Risk Strategies.

One factor is that, because of its reliance on the rapid and accurate transfer of information, healthcare has fully embraced digital communication, probably as quickly and thoroughly as any sector of the economy. The second factor is that information being transferred in the healthcare setting is especially sensitive: Failure to get it delivered in a timely fashion to the proper destination may have immediate life-and-death consequences.

The third factor is that in the tumultuous world of free market healthcare, mergers and acquisitions are endemic, which can itself increase the risk. When organizations are acquired and work forces expand, as this post says, “it can take time to assimilate teams and organize communications.” In the interim, the staff may be “especially vulnerable to scams, as they may not yet know when communications are coming from a trustworthy source.”

The writer’s advice: Begin the insurance renewal process early, and stay up to date on any changes in the cybersecurity coverage. He also suggests mandatory training for all staff regarding the risks of social engineering. -Today’s General Counsel/DR