Top-5 cyber threats to EHR systems and how to deal with them

Phishing

  1. more sophisticated attacks
  2. insufficient user awareness

  • email filters
  • browser alerts
  • network access control
  • multi-factor authentication
  • security patch updates
  • data backup

  • shortened links
  • fake brand logos
  • fake attachments
  • hypertext
  • password-protected documents
  • shared drive links
  • notifications
  • abnormal direct messages
  • etc.

Malware

Encryption blind spots

Cloud leakage

  • know which aspects of cloud security you are responsible for, rather than relying entirely on the cloud provider
  • understand cloud architecture to avoid security vulnerabilities due to misconfiguration
  • disable unused ports and delete unnecessary processes and instances as they can lead to vulnerabilities
  • use sophisticated encryption techniques to keep EMR data private in storage and in transit
  • implement EHR security measures according to HIPAA EMR requirements 2022

Insiders

  • develop a documented security policy that describes employee roles, areas of responsibility, and the procedure to follow in certain situations
  • conduct regular workshops and encourage employees to take courses on security issues
  • create user accounts with differentiated access to medical records
  • regularly change passwords to corporate resources
  • delete the accounts of employees who no longer work in the company
  • simulate hacker attacks and analyze how employees respond

Summing up
