HIPAA-compliant Email Security Stops Ransomware Attacks on Hospitals

CISA, FBI and HHS warn of ransomware attacks on healthcare facilities. MailRoute stops those attacks.

Healthcare networks are targeted by ransomware, says FBI

Relying on staff to protect network security is dangerous

“HIPAA-compliant security must meet stringent standards for email handling, including legitimate encryption” --MailRoute CEO Tom Johnson

On October 29, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the U.S. Department of Health and Human Services (HHS) warned of an increased, imminent threat to U.S. hospitals and healthcare providers.

The agencies have credible information that malicious cyber actors are targeting the healthcare and public health sectors with malware that can result in ransomware attacks, disruption of healthcare services and data theft.

Protective measures to prevent ransomware attacks often include alerting employees to be vigilant with respect to phishing attempts. This “people-centric approach” touted by most data security services is simply a way of saying the onus is on the end-user. This appears to be an abdication of responsibility by paid services that are employed to protect their clients. When reassessing an entity’s essential cyber incident response plan, it is imperative to include a HIPAA-compliant gateway security service.

Protecting clinicians and patients from targeted threats and ensuring data is HIPAA compliant requires a gateway security service, which sits outside the network and functions as the first, and most stringent, line of defense against malicious attacks.

“These targeted ransomware attacks are being waged on hospitals and healthcare facilities because those entities retain data valuable to bad actors as well as the monetary gain from paid ransom,” explains MailRoute founder and CEO Thomas Johnson.

“Finding a HIPAA-compliant security service is difficult, because they must meet the stringent standards of the Federal government as relates to email handling, including legitimate encryption and storage timeframes on a vendor’s network.

“Companies that focus on myriad data services often cannot meet these standards, since they use third-party encryption services that are less robust than required. MailRoute focuses on a core competency of email security, so we are compliant on all levels,” Johnson concludes.

A gateway service eliminates heightened security risks, should have API-level integration and should work with all email platforms and servers. MailRoute’s cloud-based email filtering solution, for example, stops unwanted inbound emails and potential attacks before they ever reach mail servers. Outbound monitoring also blocks confidential files from leaving a client's network.

Cyber Threat Protection
Virtual healthcare is becoming the new normal with the continual increase in the use of web-based mobile apps between doctors and patients and the resulting electronic health records stored in a virtual black hole. Because medical records contain the most lucrative data for hackers to sell on the black market, cyber-attacks on healthcare systems continue to grow.

Email Compliance
While it is critical that hospitals and healthcare facilities meet HIPAA compliance regulations, it’s also important to streamline compliance and regulatory processes for IT teams by using a reliable, efficient and secure gateway service to stop malware, ransomware, phishing attacks, and other spam and viruses.

The joint CISA, FBI and HHS alert (AA20-302A) can be found here.

Contact Author

Rachel Plecas