CEO scams: How they are affecting hospitals
We’ve all seen a spam email in our inbox. But recently, more and more of these emails pretend to come from someone we know and work with. These are known as “CEO scams.” If you’re not careful, these impostors could gain access to company records and financial data.
“Co-workers are so willing to help each other,” said Jeremy Johnson of the Better Business Bureau. “People want to do great jobs at their job.”
The Better Business Bureau says that scammers impersonating a co-worker ask people to take care of a task and then to send them company data, or they send a link that could then give access to tons of company information.
“If you’re getting one of these emails and it isn’t from a co-worker and you’re clicking on links and moving to different websites or areas, your computer could get a virus, it could get hacked,” Johnson said.
These types of scams are starting to become a big concern for health care facilities nationwide.
“Just this last couple of weeks we’ve had some people try to connect into different areas of the company,” said Shane Paynter, the director of information and security for Mountain View Hospital.
Hospitals and other health care locations must worry not only about financial information being stolen but also about precious cargo like records on patients and charting software.
“We have to be compliant with HIPAA (Health Insurance Portability and Accountability Act) and other compliance standards to make sure that we’re in line,” Paynter said.
Places like Mountain View Hospital in Idaho Falls must make sure their IT departments are beefed up well enough to handle the ransomware.
“We have a lot of systems that detect good things from bad things, basically,” Paynter said. “Then we encrypt our data so that it is locked.”
But besides that, Paynter said that the most effective security system you can use is your people.
“You can have the best security systems there are but there is still a person involved that can be talked into helping these attackers do what they want you to do,” Paynter said.
The hospital also makes sure all employees are well-trained so that they can spot the difference between a real co-worker’s email and that of a scammer. New employees go through security training right away, and all employees go through it annually.
To keep the security measures on employees’ minds, the hospital also sends out occasional emails and puts up posters throughout the buildings.
“If you get an email, look at it and if it doesn’t make sense delete it,” Paynter said. “If it is legit, it can be sent again. If it’s not, then you just saved yourself from a possible problem.”
There are always red flags to look out for, like different-looking email addresses or strange questions being asked.
These tools apply not only to hospitals but to any company or business.
“If it’s already gotten past the email filters and the antivirus and everything else, the last line of defense is you,” Paynter said.