Post-Acute Care News

Long-term care cyber-attacks are on the rise. From single-location facilities to nationwide organizations, the long-term care industry is facing cyber threats like never before.

How can you keep your long-term care organization safe from attacks? The first step is to know what you’re dealing with.

Threat Type #1: Email Phishing Attacks

By far the most common cyber-attack, email phishing is when a hacker attempts to gain protected information (usually passwords) through deceptive means. Often, victims will receive an email from a trustworthy individual or organization insisting that they click a link or fill out a form. As soon as they do, the hacker captures their information and can use it however they wish.

Phishing attacks are dangerous because they rely on human error, not software loopholes or vulnerabilities. The emails often seem credible. For instance, your staff might receive a bulk email from you stating that their passwords have been reset and that they must enter their login information to confirm. They click the link in the email, which takes them to a landing page that looks exactly like software your organization uses. Since it looks legit, they enter their information, and the attackers now have access to your systems.

Staff training and vigilance can reduce the likelihood of a successful phishing attack, but it only takes one slip-up to compromise your security.

Threat Type #2: Ransomware / Malware Attacks

Malware attacks are viruses, worms, Trojan horses, spyware, or any other type of malicious software application that a user downloads to your system. The programs themselves can do anything imaginable to your network. Some malware simply hides or deletes information. Other programs shut out users or make certain applications totally inoperable.

A malware attack becomes a ransomware attack when the hackers offer to reverse the damage they have caused for a monetary payment. Larger organizations have paid ransoms in the millions of dollars just to get their systems back online.

Malware and ransomware attacks are initiated through clicked links or file downloads. Once downloaded, the program attaches itself to different files and gets to work. Email filters and other scanning programs help, but hackers are finding more and more ways to get these files onto your organization’s computers.

Threat Type #3: Social Engineering Attacks

Phishing isn’t the only cyber-attack that relies on human error. Other types of cyber-attacks take a different, yet still personal, approach to stealing information.

Baiting is a type of cyber-attack that promises a desirable good in exchange for a user’s information. For example, a website might offer free music downloads for providing your email login and password.

Pretexting is all about the story. The attacker creates a plausible pretext for requiring the information they ask from you. For instance, they might ask for your full name, social security number, and mother’s maiden name to confirm your identity. In reality, they’re using that information to commit identity theft.

In the end, your best defense against cyber-attacks is education. Talk to your staff about cyber-attacks and make sure they understand what’s really at stake.

Beyond your employees, consider partnering with an IT provider to secure your long-term care organization’s data against cyber-attacks. For instance, Prime Care Technologies offers a highly secure Tier III+ data center as well as a separate disaster recovery center to its clients.

It’s not a question of if you’ll be the victim of a cyber-attack — it’s when. And when it happens, don’t you want to be ready?

Introduction

One of the most common ways cyber attackers attempt to trick or fool people is by scamming you in email attacks (often called phishing) or try to trick you with phone calls. However, as technology continues to advance, bad guys are always trying new methods, to include tricking you with messaging technologies such as text messaging, iMessage, FaceTime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself so you can spot and stop these common attacks.

What are Messaging Attacks?

Messaging attacks (sometimes called smishing, a play on the word phishing) are when cyber attackers use SMS, texting or messaging technologies to reach out to you and try to trick you into taking an action you should not take. Perhaps they want to fool you into clicking on a malicious link or get you to call a phone number so they can get your banking information. Just like in traditional phishing email attacks, bad guys often play on your emotions to act. However, what makes messaging attacks so dangerous is that they often feel far more informal or personal than email, making it more likely you may fall victim. In addition, with messaging attacks there is less information and fewer clues for you to pick up on that something is wrong or suspicious. When you receive a message that seems odd or suspicious, start by asking yourself does this message make sense; why am I receiving it?

Common Signs of an Attack

• A tremendous sense of urgency, when someone is attempting to rush you into taking an action.
• Is this message asking for personal information, passwords or other sensitive information they should not have access to?
• Does the message sound too good to be true? (No you did not win the lottery, especially one you never entered.)
• A message that appears to come from a co-worker or friend’s account or phone number, but the wording does not sound like them. (Their account may have been compromised and taken over by an attacker, or the attacker is attempting to pretend to be them, tricking you into taking an action.)

If you get a message that makes you have a strong reaction, wait a moment and give yourself a chance to calm yourself and think it through before you respond.

Combining E-Mail and Smishing Attacks

Sometimes bad guys will even combine email and messaging attacks. For example, gift card scams can work this way. A cyber attacker will send you an urgent email pretending to be a friend or co-worker, then ask for your cell phone number. Then they can send repeated text messages, pressuring you to purchase gift cards. Once purchased, the attackers have you scratch off the code on the back of the cards and message a picture of the codes back to them. Another common attack urges you to “check out” a video or picture (“you won’t believe this!”). It appeals to your sense of curiosity. If the message looks like it is from someone you know, perhaps call the person on the phone to verify before you act.

Follow Up to Confirm

If you get a message from an official organization that alarms you, check with them directly. For example, if you get a text message from your bank saying there is a problem with your bank account or credit card, contact your bank or credit card company directly by visiting their website or calling them directly using the phone number from the back of your bank card or credit card. Bear in mind that most government agencies, such as tax or law enforcement agencies, won’t contact you via text message.

Conclusion

When it comes to messaging attacks, you are your own best defense. Always stay vigilant, exercise skepticism, and practice secure behavior as a human firewall.

We’d like to thank this month’s guest contributor from the SANS Security Awareness team, Jen Fox. 

As we enter the holiday shopping season, the risk of online fraud increases dramatically. According to the U.S. Secret Service and the Cybersecurity & Infrastructure Security Agency, U.S. retail e-commerce spending for this holiday shopping season is forecasted to top $135 billion. Online criminals will utilize this busy time to prey even more upon consumers who are unsuspecting or unprepared. The following information and best practices can help you have a more secure shopping experience during the holiday season and beyond.

Software and Antivirus Updates

No matter what the device you shop from, Operating System updates and antivirus definitions should be installed as soon as they are available.

Account Passwords

Passwords to online shopping sites and other accounts should be changed regularly and different passwords should be used on each account. If offered by the site, take advantage of multi-factor authentication for an added layer of security. Passwords on home networking equipment, such as Wi-Fi routers, should be changed from the default password they are configured with from the factory. 

Payment Cards

Credit cards should  be used instead of debit cards. Credit cards have better protections for the consumer if fraud occurs. Debit cards have no limit to the amount of loss the consumer can suffer. Verify online transactions by checking your credit card and banking statements routinely.

Using Public Wi-Fi

Online shipping or banking should NOT be conducted over publicly available Wi-Fi networks. While the network in a restaurant, coffee shop, or store may require a password, there is no guarantee as to how secure the network is or who may be monitoring and intercepting your online transactions.

Beware of Phishing E-Mails and Social Engineering

This is the time of year in-boxes are flooded with offers of all sorts, which increase the possibility of encountering fraudulent websites and e-mails. Avoid opening attachments and clicking on links within e-mails from senders you do not recognize. Often, these attachments or links can contain malicious content that can infect your device or computer with ransomware or steal your personal information. Type the hyperlink for the website manually into your browser rather than clicking on the URL in the message. Also, be wary of e-mails or calls requesting that you verify your account by providing information such as your login, password, account number, etc. Legitimate businesses will never call you or e-mail you directly for this information. Utilize the customer service numbers on your credit cards, debit cards, bank statements or the merchant’s website to verify any information requests. Lastly, remember that, if the offer sounds too good to be true, then it probably is.

Whom You Conduct Business With

Extra consideration should be given to merchants and businesses you provide your personal and payment information to online. Reputable and established online businesses utilize encryption to protect your information as it is transmitted to and from your computer or device but this might not be the case for “unknown” online merchants. Also, to lessen the risk of visiting fraudulent or “spoofed” websites, consider how you get there. Certificate errors can be a warning sign that something is not right with the website. When shopping from your smartphone, only use apps from trusted businesses and downloaded directly from the device’s designated app store.

Content provided by the U.S. Secret Service and the Cybersecurity & Infrastructure Security Agency (CISA) and edited by Mark Owens, Director of Information Security, Prime Care Technologies

Technology pilots are a proven way for vendors and skilled nursing providers to try out new products before bringing them to market or full-time in-house. Cheryl Field, chief product officer for Prime Care Technologies, likens the process to buying a pair of new jeans: While they may look good in the catalog, it’s much different after trying them on.

Check out vendor-suggested tips that can help you make the right decision before taking the leap.

Read the full article here.

Along with several other long-term care and tech companies, Prime Care Technologies was included in the December issue of McKnight's for its recent mobile app and predictive tools release for primeVIEW, the company's business-intelligence dashboard. The cloud-based product integrates EHR data, labor, accounts receivable, satisfaction scores, hiring and Five-Star quality ratings, and forecasts PDPM revenue opportunities.

Read the full article in McKnight's Long-Term Care News.