How To Keep Patient Data Safe | Microsoft Buys RiskIQ | The Cyber Review

July 13, 2021
Written by Farah

Microsoft buying cybersecurity firm RiskIQ

Microsoft announced it is buying cybersecurity firm RiskIQ to help companies as cyber threats increase.

RiskIQ's software allows organizations to monitor their entire networks — including operations running on various cloud providers — and its threat intelligence research helps businesses understand and mitigate potential risks.

Cybersecurity is an ongoing conversation in organizations especially after the major ransomware attacks on critical infrastructure. It's no doubt companies having cybersecurity at the top of mind.

Microsoft has also had its own cybersecurity challenges this year:  breach of the company's Exchange email service in March, potentially giving the group access to data from tens of thousands of organizations, including state and local governments, academic institutions, infectious disease researchers and businesses.

Prior to the acquisition, RiskIQ had raised more than $80 million from investors. Most recently, it raised a $15 million Series D round announced last June aimed at helping integrate the company's software into critical infrastructure, including to protect against nation-state adversaries. At the time, RiskIQ said it served 30% of the Fortune 500 and 6,000 organizations globally.

Canada among prime targets of new Office macro infection tactic

A new McAfee report shows that Canada is among the countries where hackers are trying a new tactic for bypassing protections from macro-based malware in Microsoft Office.

The hacker will send a phishing email with a Microsoft Word document attached. If the document is opened, a password-protected Microsoft Excel file is downloaded.

Microsoft Office has macros turned off, however, the phishing message says the document was created in a previous version of Word, and asks the victim to click on the ‘Enable editing’ and Enable content’ buttons which then enables macros to run.

“Malicious documents have been an entry point for most malware families,” the blog notes, “and these attacks have been evolving their infection techniques and obfuscation, not just limiting to direct downloads of payload from VBA, but creating agents dynamically to download payload as we discussed in this blog. Usage of such agents in the infection chain is not only limited to Word or Excel, but further threats may use other living off the land tools to download its payloads.”

People should not open emails or click on any attachments without ensuring it is a verified sender.

Safeguards to protect patient data

Cybersecurity is crucial in healthcare settings considering the plethora of confidential information that is held in healthcare databases.

How to set processes to ensure patient data is safe:

1. Conduct a risk analysis

A full risk analysis will show what systems need protection. Not all systems contain sensitive information, and they might not need the same safeguards. With a risk analysis, you can start looking into what processes should be implemented and system safeguards that need to be put in place for each system.

2. Implement EMR Access Auditing

Electronic Medical Record system (EMR) audits can be done by utilizing a patient privacy monitoring system that does the work for you can help streamline this process and ensure any suspicious accesses to patient information are flagged and reviewed in a timely manner.

3. Ensure appropriate access for third parties/business associates

By making sure third parties or business associates only have access to patient data that they need and nothing more than that can help keep healthcare organizations safe. Here are some ways you can maintain visibility and control:

  • Make sure to have an agreement. All third parties or business associates are required to provide in writing that they will safeguard the information.
  • Use least privileged access for business associate access rights so they are only accessing information that’s absolutely critical to their business.
  • Implement multi-factor authentication to quickly and efficiently authenticate user access.
  • Conduct due diligence required by HIPAA such as documentation and monitoring of business associate activity and risk assessments.

4. Educate staff on protecting patient information

Ongoing education and support is just as important as the other points listed. Staff should receive opportunities to learn about cybersecurity and get training so they are aware of the risks, and how to mitigate them.