Since the COVID-19 pandemic began, health care organizations have been overwhelmed, trying to manage telework, telehealth and ward off increasing threats to their protected health information. But security professionals also are finding organizations are adapting and implementing strategies to safeguard protected health information. Still, there is always more they could do, and the experts recommend a variety of tactics to keep health care entities safe in the coming months, as the pandemic continues.
Rebecca Herold, president of SIMBUS LLC and CEO of The Privacy Professor, urged organizations to encourage and facilitate cybersecurity awareness in their workers. “Health care entities, and their workers who are almost certainly being targeted—spearphished—need to be aware of these increased phishing and social engineering attempts,” she said.
Training is key, Herold said. “Health care providers, insurers and clearinghouses need to provide training specific to social engineering tactics and send frequent reminders to their employees. They also need to make sure all their business associates are also providing this same type of training … to their employees.”