Solutions

Solutions powered by
Learn More.
abaqis for Skilled Nursing

abaqis®

Mitigate risk and elevate your quality of care. Improving both clinical and business outcomes starts with a smarter, more integrated approach to regulatory training, continuing education and quality management.

Learn More

NEW TO THE STORE

hStream Content Marketplace

NurseGrid Learn

Online store for Clinical Learners. Individual CE Credit and industry products for Clinical Learners are now available through NurseGrid Learn (Beta). Explore our robust collection of courses that provides an unparalleled level of flexibility and choice.

DEA MATE Opioid and Substance Use for Practitioners

Meet the DEA's new requirement under the Medication Access and Training Expansion (MATE) Act in an online and self-paced 8-hour DEA MATE Act course specifically designed for practitioners, including Physicians, PAs, NPs, Pharmacists, Dentists and others.

LATEST & POPULAR

BLOG

Nurse Strikes are Scary, but License Verification Doesn’t Have to be
BLOG

Mind Matters: The Interplay of Staff Wellness in Quality Outcomes
BLOG

Unlocking Revenue in Healthcare: The Power of Efficient Credentialing
On-Demand Webinar

Understanding ENA’s Emergency Severity Index Handbook, 5th Edition
On-Demand Webinar

From Regulations to Realities: Nurse Staffing, Unions, and the ShiftWizard Advantage
On-Demand Webinar

myClinicalExchange Empowers Logan Health to Transform Student Onboarding

< HealthStream Resources

Best Practices in Defense of a Cybersecurity Breach

April 1, 2021
April 1, 2021

HealthStream interviewed Steven Conrad, Managing Director of MediaPRO, to learn defensive measure healthcare organizations can take to prevent breaches. Conrad has worked to improve organizational performance through effective learning solutions and is active at the strategic level to protect organizations from cyberattacks.

What’s the Best Way to Encourage Vigilance?

Given the vulnerabilities described in some of the research, what is the best way to ensure that employees remain vigilant and smart about how to spot fraudulent emails? Some healthcare organizations have established Bitcoin accounts in the event that they are the victim of a ransomware threat, but is that the best available option?

Conrad recommends monthly mock phishing supported by employee training to best address the vulnerability created by employees. “An organization’s IT department may understand and be able to respond to the technology issues, but be less prepared to deal with the human problems.”

Send Your Own Phishing Emails to Assess Vulnerability

MediaPRO recommends sending phishing emails that emulate some of the best strategies used by phishers. It is not unusual to see between 60% and 70% of employees taken in by such emails particularly at the onset of training.

In addition to the emails that simulate phishing, Conrad also encourages healthcare organizations to take the following steps to protect themselves:

  • Conduct ongoing mock phishing drills of your workforce in a way that emulates what actual phishers do.
  • Provide regular data protection best-practice training that focuses on physical security, password protection, and other key aspects of data protection.
  • Share the real-life tactics of phishers, which will involve regular and ongoing training.

Criminals Using Artificial Intelligence and Constantly Changing Tactics

“Bad guys are doing very sophisticated things including the use of artificial intelligence. It’s important to share these tactics with employees so they recognize these phishing attempts when they encounter them. These criminals use constantly evolving tactics. It is not a static game for them and your training should reflect this fact,” says Conrad.

In addition to monthly mock phishing, MediaPRO’s system can help organizations to identify those employees who create higher levels of risk as well as those who engage in potentially compromising behaviors, such as clicking on an inappropriate link or downloading harmful files. Training can then be customized to address specific areas of vulnerability. When describing the goal of training employees to recognize phishing attempts, Conrad says, “It’s all about enabling people to make better decisions. If we’re not doing that then we’re putting them in a situation where they really can’t do their jobs as well as they should.”

The threat to the security of information is an evolving one, and the key to real vigilance incorporates both technology and training. Conrad’s advice is to make sure that your organization helps employees to understand their vital role in the protection of this information.

This blog post excerpts an article in our complimentary eBook about Threats to Healthcare, Workforce Readiness: Preparing Today for Tomorrow’s Unknown. Download it here.