On Friday, April 22, the ADA fell victim to a cybersecurity incident that caused a disruption to certain systems, including Aptify, ADA email, telephone, and web chat. Upon discovery, the ADA immediately responded by taking affected systems offline and commenced an investigation into the nature and scope of the disruption. At this time, there is no indication that any member information or other data has been compromised; however, the investigation is still underway.
The FBI and ADA recently warned that cybercriminals exploit events like the crisis in Ukraine in order to steal personal information and money. One of the most successful ways criminals target you is through your email.
While the nature of the ADA attack has not been released, there are a couple of primary ways you can be targeted. You’ve probably heard of phishing, where cybercriminals use email as their gateway to your personal information. Spear phishing takes email targeting to an entirely new level of scary—your attacker gets to know you. Cyber attackers collect information relevant to you from across the internet and send emails that seem like those you might expect. Sometimes you may be asked to click a link or attachment, or to respond. If you do, you’ve opened the door for malware to get into your practice management system, accounting, and other important applications.
Learn to spot the trick.
Be cautious when you receive an email from the bank, your IT department, or a vendor, for example, stating that you need to reset your password or go to a website to update information. Reach out to the sender separately to verify it really came from them.
Don’t click the link.
A quick way to see if the link is suspicious is to just hover your cursor over it. The URL should point to the site to which the email claims it will be going. If it doesn’t, or you have any doubts, alert your IT team.
Limit cybercrime access points.
Protected Health Information (PHI) should not travel in or out of your general email inbox (Gmail, Yahoo!, etc.). The safest HIPAA-compliant email:
- Meets all five required HIPAA Safeguards.
- Transmits across a private encrypted network.
- Encrypts email in transit and ‘at rest’ in your inbox.
- Requires you to initiate first email communication to those outside your network.
Recovering from an attack is much more difficult and costly than preventing it in the first place. Provide ongoing staff education. Assess the security of your HIPAA-compliant email. And implement a plan to send the bulk of your emails through a truly secure HIPAA-compliant email.