To mitigate risk to your patients' protected health information, you need to consider the cybersecurity policies your healthcare business associates and vendors have in place at their own organizations. These are a few questions you should be asking potential partners to help reduce risk from extremely common malware.
We can't stress enough the importance of ensuring that business associates have appropriate security policies and practices. A major threat to the security of your patients' protected health information is infostealer malware that may steal employees’ login credentials from their browsers without their knowledge. To illustrate the risk, consider a hypothetical scenario and its potential impact.
Scenario
“John” works for a revenue cycle management firm with several hospitals and medical practices as clients. As a result of the pandemic, he started working remotely, using his personal computer to access his work account. Like many people who use complex passwords for security, John uses a password manager installed in his browser to store all his logins. Unbeknownst to John, a website visited by a family member infected his computer with malware that exported copies of all his family’s login credentials that were stored in their browser – online banking, social media accounts, the children’s schools, healthcare patient portals, retail accounts, and John’s login credentials to work. The logs were eventually sold on a dark web market. Read More >>
