This week on the HIPAA Critical Podcast, Paubox marketing manager Sierra Reed chats about the benefits of multi-factor authentication, the dangers of phishing attacks, and how Inclusa is winning this week thanks to Paubox. She also discusses how 5 years of patient records were compromised at a hospital in Colorado.
Here’s the full transcript of this episode.
Olena Heu: Welcome to another edition of the HIPAA Critical Podcast. I’m your host, Olena Heu. And joining me this week is marketing manager of Paubox, Sierra Reed.
Sierra: Hi, Olena. Thank you so much. Happy to be here.
Olena Heu: Now, each podcast we’d like to highlight a few things, winners, failures, and of course, what’s happening in the news right now. So let’s jump right in.
Sierra:Yeah, sure. So the deployment of remote tech, telehealth, and temporary hospitals due to COVID has significantly increased vulnerabilities in healthcare. Cybercriminals are targeting VPN’s, cloud service platforms and remote workers to financially benefit from the pandemic.
And as a result of this, organizations should really be monitoring their systems to ensure that they are protected from these new threats.
Olena Heu: So what I’m hearing is that remote medical facilities have expanded their attack surface beyond the traditional network perimeter due to remote technology?
Sierra:Correct. And to address potential risks, organizations should really be reviewing possible areas where security may have been overlooked. So this really starts with visibility. And essentially, security teams need to have visibility into their digital assets. And these include mobile devices and remote technologies so that they can be secure no matter where they are.
And another important thing to note is that field hospitals running on the networks of area convention centers or stadiums, are particularly vulnerable to attacks as the security of these networks are entirely unknown.
Olena Heu: Understood, and I totally agree. So what are the key takeaways here?
Olena Heu: Excellent. Well, thank you for that. Now it’s time to highlight who’s winning this week.
Sierra:Yes, this is great. This is my favorite part of the podcast. So our winner of the week is one of our clients, Inclusa, and they are a Wisconsin-based managed care organization with about 1,200 employees serving more than 15,000 members with long term care services.
And they’re large; they have 37 locations, and have been a client since 2019. So their goals like lots of our clients before using using us were to really make it easier for their members to receive emails containing PHI, protected health information, and they wanted to simplify the process of sending PHI over emails to make employees’ jobs easier, and they most importantly wanted to reduce the time that their IT team spent dealing with secure email related support tickets. Which is huge.
Olena Heu: Wonderful. So I read this customer success story on your website. So by switching to Paubox they were able to free up about 20 hours a week. Is that correct?
Sierra:Yes, that is correct. And that is huge. As you know, that is half of a full time employee’s workweek. That is the amount of hours their CIO estimates that our solution suite saves them a week.
Olena Heu: So did they try any other solutions prior to trying Paubox?
Sierra:They did. They tried Zix, which is a portal-based solution, as well as Microsoft 365’s email offering. And both options presented real problems in communicating with providers and members. Providers would forget their passwords and not be able to log into the portal. And so Inclusa’s IT teams spend hours each week resetting passwords and walking recipients through the retrieval process.
Olena Heu: It does sound like a lot of time, and all of that time could have been spent helping their patients.
Olena Heu: So I’ve heard you mentioned Paubox Email Suite. That is terminology that I haven’t heard before.
Sierra:Yes. Great, great question. Paubox Email Suite is a new subscription. And it’s essentially our encrypted email, inbound security with ExecProtect, and email DLP all under one umbrella. So glad you asked that. It’s a new terminology and new subscription that we just rolled out.
Now we’re going to transition over to the failures. Because you know, when we’ve got winners, we’ve also got failures too.
Sierra:For the failure, I would like to talk about a ransomware attack that left five years of patient records inaccessible at Rangely District Hospital in Colorado.
Olena Heu: Oh, no, that’s terrible.
Sierra:It really is. The attack was launched to lock RDH out of its files in an effort to extort money. And RDH did not pay the ransom, and the identity of the cybercriminal behind the attack is still unknown.
The type of information that has not been recovered includes medical records and some home health records. And RDH has made changes to its remote network access policies and implemented password changes to all user accounts to help thwart the attack, and they are also researching more data backup options, and have purchased carbon black software technology to flag any potential breaches during restoration.
Olena Heu: Interesting. And why does this breach matter in the grand scheme of things?
Sierra:Yeah, that is important because cyber attacks on health systems have continued to ramp up during COVID, as I’m sure everyone is aware, and phishing again is among the most common causes of data breaches, with attackers frequently taking over users’ Office 365 accounts, installing ransomware or intruding on the network after gaining access, and security professionals have specifically pointed to ransomware as an issue that organizations will face for years to come.
That is why Paubox is passionate and dedicated to helping our clients defend themselves with Paubox Email Suite which we mentioned above. We leverage ExecProtect, which is our patent-pending technology that eliminates display name spoofing, ransomware and phishing attacks.
Olena Heu: Excellent. Well, thank you so much, Sierra, for joining me this week, and of course, a wealth of information and knowledge.
If you like what you hear, be sure to like and subscribe to our HIPAA Critical Podcast. And for more information, you can also log on to our website, paubox.com. Thanks for tuning in, everyone.