Although we are aware of how frequently email phishing attacks are occurring, especially in the healthcare sector, organizations and their workforce are still clicking on attachments and links from emails outside the organization.

  • Lake Region Healthcare (LRH) was hit with a ransomware attack a few days before Christmas, resulting in computer system outages and the disruption of certain operations. Some patient care and business service systems were left without full functions in the immediate wake of the attack.
  • Universal Health Services was one of the first providers targeted in a massive ransomware wave, followed by a host of other providers that were also driven to EHR downtime procedures, including the University of Vermont Health Network, Sky Lakes Medical Center, and GBMC HealthCare in Maryland, just to name a few.
  • West Virginia-based Prestera Center recently began notifying a small percentage of its patients that their data was potentially compromised after a hack on its business email environment.

Educate your staff on best practices with emails outside of the organization. When in doubt on whether an email is legitimate, contact your IT provider for guidance.

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.