Cyberthreats to Health Care, Electronic Health Records Prompt Need for Vigilance

The N.C. Health Information Exchange Authority (NC HIEA) is reminding all health care organizations and providers to be vigilant for malicious cyber activity.

Amid geopolitical tensions in Europe, the risk has increased for sophisticated, high-impact ransomware attacks against critical infrastructure, including health care, according to a joint cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Agency (CISA).

Health care organizations, particularly electronic health records, can be top targets because the protected health information they maintain can be profitable on the dark web or black market. In 2021, incidents compromised more than 40 million patient records, according to the U.S. Department of Health and Human Services (DHHS).

Common cybersecurity threats to EHRs include phishing attacks, malware, and cloud threats. The U.S. DHHS's Health Sector Cybersecurity Coordination Center recently published a brief on these threats and steps health care organizations can take to mitigate them.

How to Protect Your Organization

Health care organizations should have a cybersecurity strategy and policy. Organizations can also implement cybersecurity training for workers, prioritize updates addressing known exploited vulnerabilities, and limit access to resources by requiring strong passwords and multi-factor authentication.

However, cybersecurity is also a responsibility shared by everyone. Health care organizations can encourage staff to:

• Learn about cybersecurity threats and how to protect themselves from reputable sources, such as the N.C. Department of Information Technology, National Cybersecurity Alliance, and CISA's Cybersecurity Awareness Program.
• Be suspicious of unsolicited emails or messages that seem out of the ordinary – even from people they know.
• Do not click on links and attachments they are not expecting. If there is any doubt, check with the sender using another method of communication.
• Visit and download information only from trusted sources.
• Keep software and operating systems up to date on their workstations and mobile devices.

For more tips and information, please visit https://it.nc.gov/phishing.

NC HIEA seeks to mitigate these risks with our technical partners. Learn more about our privacy and security policies.