Cyberattacks have become an industry-wide phenomenon, with phishing attempts, malware and ransomware affecting more and more health systems and ASCs every day. But, as the volume and frequency of cyberattacks increase, there appears to be one central and common link: human error.
Leaders in ASC cybersecurity explored some of these issues and shared insights on how their own companies are working to prevent cyberattacks and instill proper cyber hygiene at Becker's ASC 25th Annual Meeting: The Business and Operations of ASCs in Chicago, Oct. 18-20.
Here are three key takeaways:
1. Biggest cybersecurity threat? Human error. It starts with a click. You're busy at work; you get an email from your company's internal system, and so you open the attachment or click the link without double-checking the email address. That's all it takes; you've been phished. Ann Geier, MS, RN, chief nursing officer at Surgical Information Systems in Alpharetta, Ga., described this and similar situations from the countless phishing attempts she's seen.
To help strengthen employee cybersecurity skills, Surgical Information Systems hired a phishing company to send out fake phishing emails to its employees. The fake emails served as a test to determine whether employees were clicking on any unsafe links, and whether they notified their IT department of any potential phishing attempts.
2. What to do if you're being phished. Cyberattacks resulting from human error, not hacks, account for 90 percent of security incidents, according to the Microsoft Security E-book. If you have even the slightest suspicion you may be the target of a phishing scam, Ms. Geier advises not to click or respond.
"If an organization phishes, and they want to know any confidential information, do not give it out. Do not. You pick up the phone — you don't respond to the email because now [the phishers] know they have a valid email address. So, you pick up the phone, and you call somebody, whether it's your bank or whomever and say, 'I just got this request,' because [the bank or whomever the email is from] is not going to ask you for that stuff online. Do not respond."
3. Preventing cyberattacks. Accepting that your ASC will likely fall victim to a cyberattack is the first step in developing strong prevention methods. Margaret Chappell, of Charleston, S.C.-based Center for Advanced Surgery, shared her insights on maintaining proper cyber hygiene on a company-wide level.
"Make sure your policies and procedures are up to date. Archive your systems frequently, and back them up. Test and audit all the time. It's huge. I want you to actually pretend that you've had an attack. Stay up to date. Go in, send a fake phishing email to your employees, and see what happens. Then, [depending on your issue] correct it. You need to do that frequently. Stay in the know. You need to know what's going on out there because it changes day to day."