Issue link: https://beckershealthcare.uberflip.com/i/898852
63 CIO / HEALTH IT Hospital Leaders Should Be Weary of Accidental Insider Mistakes, Better Prepare Employees By Julie Spitzer A s cyberattacks become more frequent and complex, healthcare leaders must apply new approaches to train their employees on cybersecurity. At Becker's Hospital Review's 3rd Annual Health IT + Revenue Cycle Conference in Chi- cago Sept. 22, Brian Warszona, vice president at London-based Willis Tower Watson, explained companies must look beyond traditional cyber- threats — like hacktivists, third-party breaches and malicious cybercriminals — and focus on securing their systems from accidental insider mistakes. Email is the No. 1 way malicious code enters system, and a number of other cyberattacks are triggered by accidental employee errors, ac- cording to data Mr. Warszona presented. is infection might take place aer an employee accidentally clicks on a link with a malicious code or when they log on to their work com- puter from their home wi-fi network, for ex- ample. "We have to start looking at the employees be- cause they are one of the main focuses of what we're trying to prevent. What we are trying to prevent is a mistake," he said. "A lot of the times we run into employees that [made a] mistake and are attempting to cover it up because they felt bad about what they did." Companies should address cybersecurity shortfalls from both an organizational perspec- tive and an individual employee's perspective. He suggested organizations incentivize good cyber behavior on an individual level and con- sider training methods that integrate gamifica- tion elements — such as implementing a short cybersecurity video that pops up when an em- ployee comes close to accidentally jeopardizing the system. "You can't control every single button your em- ployees click on, but there's a way you can make them want to be a little more conscious," Mr. Warnszona said. n Survey: 3 Common Ransomware Infection Vectors By Jessica Kim Cohen T he plurality of corporate IT and security professionals — 42 per- cent — ranked ransomware as a moderate cyberthreat, according to a Crowd Research Partners report. For the report, the market research firm surveyed 516 corporate IT and security professionals about their attitudes toward recent ransom- ware trends. Thirty-eight percent of respondents cited ransomware as an "extreme threat." The remaining respondents identified ransomware as a "small threat' or "no threat at all." Here's how corporate IT and secu- rity professionals whose organi- zations had been hit with ransom- ware responded when asked how the infection had entered their or- ganizations. 1. Opening malicious email attach- ments: 73 percent 2. Responding to phishing emails: 54 percent 3. Visiting compromised websites: 28 percent n Legacy Systems Rank No. 1 Among Federal IT Execs' Top Cybersecurity Challenges By Jessica Kim Cohen T he most-cited challenge fed- eral agencies face in cyberse- curity are vulnerabilities from aging applications and technolo- gies, according to a survey by Grant Thornton and the Professional Ser- vices Council. For the survey, the professional services firm Grant Thornton inter- viewed and surveyed 313 IT exec- utives from 29 federal agencies, including CIOs, chief information se- curity officers and chief data officers. Here are the top five areas IT exec- utives cited as challenges to cyber- security, beginning with the most challenging. 1. Vulnerabilities from aging appli- cations and technologies 2. Human error 3. Malware 4. Phishing campaigns 5. Internet-facing attacks, such as dis- tributed denial-of-service attacks n Minnesota Hospital Notifies Patients of Breach After Failing to 'BCC' a Mass Email By Julie Spitzer W aconia, Minn.-based Ridgeview Medical Center alerted patients Sept. 8 of a security breach that affected some of their personal in- formation, a hospital spokesperson told Becker's Hospital Review. Ridgeview Community Network, an ACO that includes Ridgeview Medical Center, exposed some members' email addresses July 10 and July 11 when it sent a general survey request via email. The message did not blind-copy the email addresses, allowing all recipients to view the addresses of other re- cipients. No other patient, medical or identifying information was breached. Hospital staff have been re-educated about the need to keep protected health information safe at all times, the spokesperson said. n