Serving the home health, home care and hospice industry since 1999.

by Tim Rowan, editor

This fall's COVID-19 resurgence has brought more hackers out of hiding and into the networks of healthcare providers for two reasons. More workers have been sent home to work remotely, on less secure home networks. And people are more inclined to click on a phishing email if its subject line includes "COVID," or "pandemic" or "coronavirus."

At home, workers are less supervised and away from informal reminders from co-workers to be vigilant. Hackers have learned how easy it is to spoof a company's logo and return email address to get someone to click on a lure such as "New COVID-19 Warning from [company name] CEO." All it takes is one and they are everywhere in a corporate network.

Mike Murray is the Director of Plexus Technologies, a division within Netsmart. He will host a free webinar at 1:00 EST on Wednesday, December 9 that features two of Netsmart's cyber security partners. Randy Pargman is the senior director of threat hunting and counterintelligence for Binary Defense, and Sharon Hicks, MBA, MSW, is a senior associate with Open Minds. We spoke with Murray about his role at Netsmart and today's webinar.

Murray brings over 20 years of experience in healthcare and information technology to his role at Netsmart, where he is responsible for managing best-in-class technology partnerships and providing technical expertise in the area of cloud technologies and information security.


Behavior the Weak Link

"When you equip a network with virus software and firewalls, when you conduct a HIPAA risk assessment, you are identifying weaknesses in and protecting 'things,'" he began. "Today's hackers have found it is much easier to compromise a person than a technology. The solution to protect a network today is education. I cannot say this more strongly. Behavior is your weak link, not your network."

He added that most IT department personnel understand this because they see it happening. "What is needed is for the C-Suite to recognize it as a problem that needs their attention," he said. "Phishing artists are getting better and better. They can create an exact replica of your company web site. As soon as you log in from home, they are inside. They may sit there without doing anything but observing for a month, learning your company, gathering data. Then, when they activate their attack, it is too late. You are disabled and may have to pay a ransom to recover."


Hackers Love Healthcare Providers

With the ongoing pandemic, hackers have found healthcare providers to be ripe, easy targets. "But don't think you are safe because you are not a big hospital system," Murray continued. "Large systems are likely to have tight physical controls and thorough education programs. Often, small organizations are easier to compromise."

In Wednesday's webinar, Murray and his colleagues will talk about these things, emphasizing education as the best defense. They may also mention Netsmart's security partners and the kinds of services they offer to help all healthcare providers, not just Netsmart customers, to get through these dangerous times unscathed.



©2020 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Home Care Technology: The Rowan Report. One copy may be printed for personal use; further reproduction by permission only.