Podcast: Play in new window | Download (Duration: 12:46 — 11.8MB)
Subscribe: Apple Podcasts | Email | TuneIn | RSS
By Adam Turteltaub
adam.turteltaub@corporatecompliance.org
A few months ago the threat of ransomware – and some actual cases – was sending chills of fear through hospitals, municipalities and the business community.
Since then reported ransomware incidents have decreased substantially, but that doesn’t mean the threat is gone completely, warns John Riggi, the Senior Advisor for Cybersecurity and Risk for the American Hospital Association and a veteran of the FBI. In fact, he explains in this podcast, it remains a real risk, but just one of many risks out there.
Supply-chain related attacks remain an issue, for example. Remember when the Target system was infiltrated by hackers who came in through the HVAC provider’s connection to Target’s system? That is still a potential problem, even extending to medical devices plugged into networks at healthcare providers.
Another threat to watch out for: business email compromises, in which a cyber adversary impersonates an individual with payment authority in the organization. He or she then sends instructions to an employee to wire funds, ostensibly to a vendor, but in reality to the criminal.
So how do we help prevent these issues? According to John training is critical. Employees need to know what to watch for and, in the case of payments, know when to stop and call someone to confirm the instructions.
Likewise, employees need to better understand the risks posed by lost files, flash drives and laptops.
But, in the healthcare arena, most importantly they need to understand that patient care also means caring for patient data.
Listen in to learn more.