Editor’s Note: The information below is shared on behalf of Duc D. Lai, CISM, CISSP, MBA, UMMS, Vice President, Chief Information Security Officer
Healthcare organizations are a particularly popular target of cybercriminals who take advantage of current events to launch phishing attacks, using voice calls and emails to steal sensitive information or compromise company computers. With the recent cyberattack of Change Healthcare, we must remain vigilant and take proactive measures to protect ourselves and our organization from these threats.
Here are some important points to keep in mind:
• Be cautious of unsolicited phone calls or emails: If you receive a phone call or email requesting personal information, login credentials, financial details or offering software downloads, exercise caution. Verify the legitimacy of the email by checking the sender’s email address, looking for any grammatical errors or inconsistencies.
• Avoid clicking on suspicious links: Phishing emails often contain malicious links that can lead to stolen passwords, malware installation or unauthorized access to sensitive data. Refrain from clicking on any links or downloading attachments from suspicious emails.
• Report any suspicious activity: Prompt reporting can help prevent further security breaches and protect our organization’s assets. If you encounter any suspicious emails, phone calls, or other forms of communication that seem related to recent healthcare industry cyber-attacks or appear to be phishing attempts, report them immediately, per the following:
- Suspicious Emails: Report any suspicious emails to the IST Security team via the Suspicious Email button at the top right of your Outlook.
- Suspicious Phone Calls: Report to the UMMS Help Desk at helpdesk@umm.edu or 410-328-HELP.
Collective efforts are crucial in safeguarding our organization’s data and infrastructure. Thank you for remaining vigilant and proactive!