Cyber Threat Alert in Healthcare: 3 Steps to Stay Ahead of Digital Risks

October 30, 2020

Phishing and ransomware are not new concepts in 2020, but there is a new target for cyberattacks in late October – U.S. healthcare. On Oct. 28, 2020, the Department of Homeland Security issued a formal alert in partnership with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) about “increased and imminent cybercrime threats” to U.S. hospitals and healthcare providers.

In the alert, they outline guidance on how organizations can protect themselves against attacks. Here are a few key aspects where SAI360 can also help prevent these digital risks. 

1. Develop an active business continuity plan

CISA, the FBI, and DHS encourage organizations to maintain business continuity plans to minimize service interruptions. Business continuity planning is the practice of identifying potential risks to executing essential operational functions through emergencies such as cyberattacks.

If your organization doesn't already have an active BCM practice, use our free pandemic plan template as a tool to guide you through planning steps, identify key business impacts, and run through a preparedness checklist.

Ideally, a business continuity plan should be a living document, reviewed on a regular cadence so that your organization can try to prepare for potential interruptions (and 2020 has been full of them). 

These are just two of the many BCM and risk management tools that our team provides to help you establish a strategy for operational resilience – browse our additional insights, including the key risks to watch through the end of 2020.


2. Educate your employees – then remind them

Training and awareness about cybersecurity threats at work aren’t once-a-year events. Cybercriminals are always changing their tactics, and you need to keep employees informed. It’s one thing to block incoming suspicious emails to try to prevent phishing and ransomware, but this year’s attacks are using social media and messaging apps and relying on our interwoven personal and professional contacts.

Because end users are often targets, regularly update employees and stakeholders to make them aware of what the latest cyber threats look like and how they are delivered. Additionally, provide users ongoing training on information security principles, techniques and emerging cybersecurity risks and vulnerabilities.

Ready to get started? Download our free training video to refresh your team’s knowledge about data privacy and information security basics.



3. Create a hotline

Make sure employees know who to contact when they see suspicious activity or believe they have been the victim of a cyberattack, so that you can deploy a proper, established mitigation strategy quickly and efficiently.

Need to evaluate the effectiveness of hotlines as compared to the current guidelines established by the DOJ and the OIG? Watch our webinar.


This year has pushed us all to adapt to many new digital experiences and, for many of us, remote work interactions are our new normal. In the healthcare community, this means more email communications between patients and providers, opening a whole new set of access points cybercriminals are using to gain access to sensitive data.

To learn more about how SAI360 helps businesses stay protected and resilient, check out our Information Security Awareness news site, or our insights on how to manage Healthcare Compliance.



Additional cybersecurity reading resources:

Cybersecurity tips for healthcare compliance and privacy officers from Richard Kusserow of Strategic Management Services

Visit our Pandemic Information Center, which includes reading materials, podcasts, and other best-practice guidance around managing business continuity, compliance, risk management, and workforce health and safety amid the coronavirus pandemic.

Learn more about our solutions for risk management

Or, contact us to see how SAI360 has helped organizations like yours. 
