With the world turning attention towards the Russian invasion of Ukraine, cybersecurity concerns have made their way into the healthcare arena. Over the past several days, warnings within healthcare systems of Russian-borne cyberthreats have increased. These threats may come as a direct target but more likely as collateral damage due to disruptions or spillover activities. As an extension of the industry, medical transportation organizations must be diligent in protecting their businesses.
A standard tool used in cyber-attack is phishing, and one of the most basic to look out for. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal and/or company information. The importance of staff training in recognizing phishing emails cannot be understated. Some of these appear to be from reputable entities, including Centers for Medicare and Medicaid Services or other government entities, resulting in access to personal identifying information or protected healthcare information of clients.
Prevention is the single most effective tool to use when dealing with a phishing campaign. It is important for staff to be diligent when opening email and responding to requests for information. Some tactics organizations can investigate to prevent these attacks include:
The importance of this process cannot be understated at this time. The American Hospital Association (AHA) presented the following scenario as a potential back-door for organizations to be involved in cyberthreats.
While our attention is focused on Russia, other nation state cyber adversaries, such as China, Iran, and North Korea, may see this an opportune time to strike," the AHA said. "Either way, cyber threats do not stop at water's edge, and care providers need to be on heightened alert during this tense time against malware or destructive ransomware that can penetrate U.S. health care, potentially disrupting patient care and putting entire systems at risk.
TripSpark wants to provide reassurance that we have phishing controls in place, however, we cannot do this alone and we cannot prevent your organization from being involved in this kind of scenario. As mentioned earlier, medical transportation is likely not a direct target of any of these potential campaigns. Even so, it is important that we protect our organizations, our employees, and those we serve.