Data-breach numbers have been skyrocketing all over the world since the start of the global pandemic, and phishing is at the root of many of those breaches – an estimated 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months.

The sudden rise in remote work early last year was a huge game changer for cyber criminals, and they upped their game accordingly: Google notched more than a 600% increase in phishing emails at the start of the global pandemic. Because remote workers often use email as their primary form of communication, they become used to opening multiple emails every day, and may not pause to question what a particular email with a dodgy subject line is about. The repetition dulls them to what may otherwise strike them as strange.

Would you open an email from PayPal saying your refund is being processed and you need to approve the payment? What about the ever-present “Verification Needed to Update Your Account”?

More simply yet, would you open an email from your colleague who just left for a vacation, asking you to please print out this document and leave it on the nurse’s desk in the morning, because they forgot to do it?

That’s where social engineering comes into play. By posing as a member of your workforce (your colleague, boss, or employee), a hacker can trick you into doing something that seems routine and not at all dangerous. What you don’t realize is that it isn’t your co-worker sending that email. Your co-worker’s credentials have been compromised and a hacker is using their email account. The hacker has attached a Word document for you to print out, something the hacker knows this person often does after looking through their email history. When you go to open the document, you unknowingly download a virus onto your networked computer.

That’s all it takes. That’s how ransomware can infect your machine, your network, your entire building. That’s how a hacker can gain access to your hard drive and servers, leading to data breaches. They can then leak protected health information or steal credentials and personally identifying information.

Where Do You Come In?

Unfortunately, even the best-trained and most aware employees make mistakes – the single biggest cause of all cybersecurity incidents, including data breaches, will always be human error. A system like multi-factor authentication can stop 99% of password-based cyberattacks. Setting up this protection on your business devices will drastically reduce the risk of phishing attacks being successful.

You don’t have to do it alone. Your practice can be protected with sophisticated password management, multi-factor authentication, phishing awareness training, and top-level cyber security. Our cyber security experts at Healthcare Technology Advisors can assist you in determining which solutions are a good fit for your practice and how best to implement them.

Call Healthcare Technology Advisors today and ask for a cyber health check-up. It’s a great place to start.