CYBERSECURITY FOR THE HEALTH CARE INDUSTRY
Tailored cybersecurity awareness and training
Month after month, there are many successful cyberattacks on the health care industry. Cybersecurity breaches that expose the sensitive data of hundreds of thousands of people are especially important, as privacy rules have become a nightmare for health care providers.
Social engineering, malware attacks, computer theft, unauthorized access to sensitive information (medical history, treatment of patients, etc.) and ransomware are only some of the challenges. WannaCry ransomware, for example, crippled parts of the U.K.’s National Health Service for many days.
After a successful attack, the damage to the health care provider's brand reputation is very important.
Health care providers must have sufficient defense mechanisms in place, and must be able to provide evidence of that. Cybersecurity awareness and training for health care practitioners, doctors and personnel is an important step, as even the best systems cannot protect the industry when the persons with authorized access do not understand the risks and the modus operandi of the attackers.
Cybersecurity was not historically a major component of health care management. Month after month, the health care industry is evolving into an increasingly digital environment, and in today’s threat landscape, health care organizations have cybersecurity professionals on staff, establish security policies and procedures, follow corporate governance best practices, ensure C-suite support and board involvement in understanding risks and countermeasures, and train all persons who have access to sensitive data.
Security adds inconvenience by design. Only when users understand the risks and the need for countermeasures do they stop cutting corners and follow the policies and procedures.
We always tailor our training programs to meet specific requirements. You may contact us to discuss your needs.
The program is beneficial to all persons working in the health care industry (medical care, administration, research, sales and consulting).
Modules of the tailor-made training
- Important developments in the health care industry after the new privacy regulations, including the GDPR.
- Understanding the challenges.
- Cyber threats to the health care industry.
- Cyber attacks against doctors, nurses, assistants, therapists, laboratory technicians, and all persons having authorized access to systems and data.
- Who is the attacker?
- Possible adversaries: Competitors, criminal organizations, state-sponsored groups, small groups, individuals, employees, insiders, service providers, hacktivists etc.
- Professional criminals and information warriors.
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment and testing.
- Step 4 – Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: What is the risk for the health care industry?
- Trojan Horses and free programs, games and utilities.
- Social Engineering.
- Reverse Social Engineering.
Common social engineering techniques
- 1. Pretexting.
- 2. Baiting.
- 3. Something for something.
- 4. Tailgating.
- Phishing attacks.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.
- Point-of-sale (POS) fraud and challenges.
- Credit card cloning.
- Honeypots, rogue access points, man-in-the-middle attacks.
- What do customers need, and what are the cyber risks?
- Examples of challenges and risks.
- From customer satisfaction vs. cybersecurity, to customer satisfaction as the result of cybersecurity.
- Cyber Hygiene.
- The online analogue of personal hygiene.
- Personal devices.
- Untrusted storage devices.
- Case studies. Cyber-attacks against health care providers. The vulnerabilities and the best practices to avoid similar incidents.
Our catalog, instructor-led training in Switzerland, Liechtenstein, and Germany: https://www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Catalog_2019.pdf