The healthcare industry is taking some great strides forward to catch up with the rest of the business world in the use of technology. From moving data to the cloud to even just using data to drive outcomes, it’s a big shift for the industry.
However, this is also creating an area for concern. As healthcare gets more digital, hackers are targeting health providers, seeing them as soft targets without as much experience or investment in cybersecurity as other organizations.
One of the primary ways hackers have obtained protected health information (PHI) this year is by hacking the email of health providers. Hacks can cause large HIPAA fines and a loss in public trust for any health provider.
Are you working with HIPAA compliant email? Read up on the basics of cyberattacks that can take a healthcare organization down.
How to hack an email? These are the top three ways
1. Phishing
The most common way email gets hacked is through phishing schemes. Phishing is the most widely used technique because it’s simple, affordable, and attacks the weakest link in any security system – people.
Phishing is usually done by sending out an email that looks legitimate and directs the recipient to a fake website, where they are asked to enter credentials to “verify” information. Those credentials are then stolen. The emails may also ask a recipient to download something that looks legitimate but turns out to be malware.
The Anthem breach is suspected to have originated through the use of a phishing scheme.
2. Man in the Middle Attack (MITM)
A MITM attack is when a hacker secretly relays communication between two parties who believe they are communicating directly. Unless both parties use encryption, the message is open and can be read by anyone who intercepts it.
A quick way to tell whether an email is particularly vulnerable to MITM is to check whether it arrived in cleartext.
Consider emails sent to and received from mailboxes that only send cleartext emails as security liabilities.
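One way to run the cleartext check described above on a received message, as an added example that is not part of the original article: it reads the message's `Received` headers and lists the SMTP hops that were recorded without TLS. The sample message and its hostnames are constructed, and because `Received` lines are written by the relaying servers themselves, treat the result as an indicator rather than proof.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are made up for this example.
SAMPLE = """\
Received: from mx.clinic.example (mx.clinic.example [203.0.113.10])
\tby inbound.provider.example with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 06 Jan 2025 10:00:03 +0000
Received: from relay.lab.example (relay.lab.example [198.51.100.7])
\tby mx.clinic.example with ESMTP id def456;
\tMon, 06 Jan 2025 10:00:02 +0000
Received: from workstation (unknown [192.0.2.44])
\tby relay.lab.example with ESMTPSA id ghi789;
\tMon, 06 Jan 2025 10:00:01 +0000
From: lab@lab.example
To: frontdesk@clinic.example
Subject: Results ready

Body.
"""

# "with" protocol keywords (RFC 3848): a trailing S means the hop used TLS.
PROTO_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?A?))\b", re.I)
# Some servers also annotate the hop, e.g. "using TLSv1.2" or "version=TLS1_3".
TLS_HINT = re.compile(r"\bTLS[v_ ]?\d", re.I)

def cleartext_hops(raw_message):
    """Return (from_host, by_host, protocol) for hops with no sign of TLS."""
    msg = message_from_string(raw_message)
    findings = []
    for header in msg.get_all("Received", []):
        hop = " ".join(header.split())  # unfold continuation lines
        proto = PROTO_RE.search(hop)
        if not proto:
            continue  # not an SMTP/LMTP hop, so nothing to judge
        if "S" in proto.group(2).upper() or TLS_HINT.search(hop):
            continue  # hop was recorded as TLS-protected
        src = re.search(r"\bfrom\s+(\S+)", hop)
        dst = re.search(r"\bby\s+(\S+)", hop)
        findings.append((src.group(1) if src else "?",
                         dst.group(1) if dst else "?",
                         proto.group(1).upper()))
    return findings

if __name__ == "__main__":
    for src, dst, proto in cleartext_hops(SAMPLE):
        print(f"cleartext hop: {src} -> {dst} ({proto})")
```
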
3. Password Guessing
Good old guessing is another way a hacker can gain access to email. Personal information on social media makes it easier for a hacker to find details that are often used as passwords and answers to security questions.
Stay safe with HIPAA compliant email
Now that you know some of the common threats against email security, here are three steps you can take to protect your practice and realize the benefits of having HIPAA compliant email.
1. Have a plan to keep your HIPAA email safe
You can’t protect anything without a good plan in place. This can range from annually auditing your email security, to policies and procedures if a breach does happen. For smaller practices without resources for IT, the FCC has developed a Cyber Planner to help you put a plan in place.
Your plan should also include training employees on how to recognize fraudulent emails and how to handle them. This can include common rules such as:
- Follow good password practices
- Do not open suspicious links in emails or social media posts
- Keep antivirus and anti-spy software updated
2. Don't get hacked. How to protect HIPAA email with encryption
As we established earlier, email can provide a huge benefit for your practice, but those emails can contain sensitive information that can include PHI.
Improperly securing PHI in transit and delivery could lead to a costly HIPAA violation. Email is only protected in transit if it is encrypted.
Thankfully, there are now vendors who provide email encryption. Their offerings range in cost and method, and can work with the dominant business email clients like Microsoft Outlook, Office 365 and Google Workspace.
Some encryption vendors like Paubox also include inbound protection against phishing attacks at costs even small practices can afford. Be sure the vendor you choose signs a Business Associate Agreement.
3. Don’t wait to keep your HIPAA email account safe
The best thing any health provider can do is take action right away. It doesn’t have to be expensive or complex to be secure; some of the best security can come from educating employees and encrypting emails that contain sensitive information.
You can start protecting your email today with Paubox Email Suite, seamless encryption without the hassle of extra steps or portals for you or the recipients of your email. Paubox works from any device and is HIPAA compliant. Even better, it comes with robust SPAM and phishing protection.