October is National Cybersecurity Awareness Month (NCSAM), a collaborative effort between government and industry to raise awareness about the importance of cybersecurity. This year, NCSAM is focusing on personal accountability for cybersecurity and the importance of taking proactive steps to fortify it. And with healthcare holding the top spot in 2018 for the industry with the most cybersecurity breaches, this message of diligence should be one that isn’t ignored. The trend of breach attempts within healthcare has remained a constant – hackers continue to target individual workers at healthcare organizations to gain access to the valuable health and personal data housed within the networks. In fact, healthcare providers weathered a 300% increase in imposter email attacks during the first quarter of 2019 as compared to the same time period the year before, and made up approximately 79% of ransomware incidents within all industries between Q1 and Q3 2019. Spotting Cyberhacking Efforts The best way to provide an individual contribution in warding off cyberattacks is to be aware. Online scam artists use three main types of attacks, which account for nearly 30% of cyberattack incidents: Phishing – an attempt to trick victims into sharing sensitive information such as passwords and usernames for malicious reasons. Often, phishing emails are sent to masses of people in hopes of luring in a few who “take the bait” Spear phishing – a personalized attack that fraudulently sends emails from a known or trusted sender in an effort to entice targeted individuals to reveal confidential information Malware – malicious software aimed at damaging devices or stealing information. The software is installed after access to the network is gained What’s more, the 2019 HIMSS Cybersecurity Survey found that email is the most common official point of compromise for significant security incidents. Often malicious emails will arrive with a spoofed URL, making it difficult to tell it wasn’t from inside the organization. Terms such as “urgent”, “request” and “payment” are used to lure the recipient into opening the message, clicking the link, and unlocking the door to the entire network. And in 2018, the three most common types of healthcare phishing emails were: Fake payment notifications Alerts of new messages in a mailbox Fake invoices As you monitor your daily emails, a few additional cybersecurity tips to keep in mind include: Avoiding automatically clicking on hyperlinks – instead, hover over them to verify their authenticity and ensure the URL begins with “https” Being wary of emails from unknown users – if you’re unsure who an email is from, even if details seem accurate, investigate the legitimacy of the email before clicking any links or responding Routinely updating your password – consider using the longest password or passphrase permissible and get creative, customizing your standard password for different sites Although one of a healthcare organization’s best defenses is to establish a legacy data management plan and limit the number of systems it needs to protect, every healthcare employee has personal responsibility to be cognizant of the contribution they play in either strengthening cybersecurity defenses or opening the organization up to potentially devastating risk. #BeCyberSmart, stay #CyberAware.