HST Pathways

The Most Common Entry Points into an ASC’s Network

by Richard Lang | Aug 8, 2022 | Compliance, Cybersecurity, Patient Safety


Any security program has an obvious goal: protect sensitive information from unauthorized access. This is often very easy to say but more difficult to do in our interconnected, on-demand world.

Why? Money! As we have previously discussed, health information is of great value, so malicious organizations are interested in taking it hostage and extorting as much money as they think they can. If that fails (and sometimes even if it doesn’t), they intend to sell it directly on the dark web for others to use. Either way, they turn a profit.

 

The most obvious question becomes: Where do we start?

To fully understand the issue, an organization has to shift its mindset and ask about the basics. What are the potential security risks? Risk analysis is a routine part of any surgical procedure and is as straightforward as identifying the risk, accounting for mitigations, and implementing necessary measures. Analyzing IT security risks is not too dissimilar. First, you need to identify the possible ways malicious organizations could try to enter your environment, then prioritize your response based on probability.

Security survey after security survey has consistently listed the following as potential entry points into computer networks:

  1. Phishing/Smishing/Vishing
  2. Malware – Viruses, Ransomware, Botnets
  3. Man in the Middle attacks
  4. Insider Threats
  5. Malvertising
  6. Password Attacks
  7. Unpatched Devices
  8. SQL Injection

Looking at this list, unpopular as it may be to say, your employees are the weakest link. Employee behavior allows malware, man-in-the-middle attacks, password attacks, insider threats, and malvertising to be successful. Naturally, we would want to know what these things are and how we can prevent them. In a nutshell: user education.

 

Phishing/Smishing/Vishing: The Most Common Attack

Phishing/Smishing/Vishing attacks use what’s called Social Engineering. Social Engineering is trying to persuade the end user to act on behalf of the malicious actor and, unfortunately, is endemic because it is so successful. When distracted or rushed, even trained professionals have fallen prey to well-honed social engineering attacks. Whether via email (phish), SMS text message (smish), or voicemail (vish) containing a threat of bad things or a request from “management,” the net results can be potentially devastating to the organization and its patients.

The links included in these attacks can be used to steal credentials (including MFA) or to download and install malicious software, unbeknownst to the user, that can compromise every computer in your network and make its data inaccessible or open to being stolen (exfiltrated).

Some attacks are simply information requests from strangers trying to understand your organization (while pretending to apply for a job), so they can target their attacks (Spear-Phishing). Others mask themselves as a “boss” asking you to buy gift cards because they are busy in a meeting or at a conference, and it would be appreciated if you helped them out.

 

However, most scams have the following traits.

  • They arrive unexpectedly.
  • They ask the receiver to do something the sender has never asked the receiver to do before.
  • They indicate a sense of urgency, claiming the receiver will be penalized if they do not act immediately.
  • The requested action, if it is malicious and is carried out, could be harmful to the receiver or their organization.

In the next post, we will discuss the telltale signs of social engineering that can help employees become more skeptical and less likely to fall prey to social engineering attacks.

 

What Should I Do Next?

Find a third-party vendor to provide security awareness training and launch a simulated phishing attack at your ASC. These vendors will help educate your users about the key indicators of a social engineering attack.

 
