By Scott Kroh
At the May meeting of the Eastern Oklahoma Chapter of the MGMA (Medical Group Management Association), I learned more about the cyber risks faced by the modern medical office. The speaker was David Westman, the CIO of Banc First Oklahoma. Mr. Westman has been with Banc First for almost seven years and has been in technology for 30-plus years.
His presentation focused on two areas of emphasis: (1) the threat landscape that customers are facing and (2) some suggestions on best practices for combating cyber threats.
Among the most common threats, he listed Account Takeover, Fake Anti-virus, Denial of Service, Ransomware, Spear Phishing, Heartbleed Bug and Target Hack. One of these threats, Ransomware, is when perpetrators gain access to a network and then encrypt a company’s data. The perpetrator then contacts the company and sets a price for decrypting the data.
Another threat mentioned was Fake Anti-virus. It looks and acts like an anti-virus update, but once it is “clicked on” and “downloaded,” the attacker has access to your computer, network and data.
So what are the two most common ways these threats gain access to your network? Either through opening attachments you don’t recognize or through accessing a landing page of a website over the internet. The advice here is, first, don’t open any attachments from email senders that you don’t know and, second, don’t visit websites that you suspect might lack appropriate security. Mr. Westman closed out the presentation by recommending some technology and security best practices.
The following are his top seven recommendations.
1. Implement Least Privilege or Secure Desktop Model
2. Implement White Listing Technology
3. Install Endpoint Security Software
4. Use Encryption Software for Sensitive Data
5. Maintain Patch Management
6. Dedicated PC for Online Banking
7. Conduct Employee Awareness Training
For more information on the MGMA, please visit their website. It is a great organization and resource for today’s practice manager.