Join us for the Human Behavior Conference on Oct. 30th
At an average cost of USD 10.93 million, healthcare has the highest data breach costs of all industries. Healthcare organizations are now reporting data breaches at a rate of around two per day. In contrast, just four years ago they were reporting data breaches at half that rate. How are cyber threat actors gaining access? The Health Sector Cybersecurity Center has named phishing as a leading cause in these data breaches. Indeed, phishing attacks often give threat actors the entry point they need to steal credentials allowing them to access accounts holding sensitive data. With this in mind, let’s look at two notable phishing attacks that targeted healthcare organizations this year.
Henry Ford Health notified 168,000 patients that an unauthorized individual gained access to employee email accounts that held protected health information (PHI). A spokesperson for Henry Ford Health said the unauthorized access occurred after employees responded to phishing emails. A review of the email accounts confirmed that they held the following patient information: name, date of birth, age, gender, telephone number, medical record number/ internal tracking number, lab results, procedure type, diagnosis, and date(s) of service.
A Highmark Health employee disclosed their credentials to an unauthorized individual after clicking a malicious link in a phishing email. The unauthorized third party was then able to access the employee’s email account remotely, potentially viewing and exfiltrating emails and attachments. A review of the emails and attachments revealed they held the PHI of health plan members.
The financial cost, legal ramifications, and reputational damage, resulting from a data breach can be devastating. As we’ve seen, threat actors are using phishing, a social engineering tactic, as an entry point to steal credentials giving them access to accounts holding sensitive data. In view of this, security awareness training should teach your workforce to recognize and report potential phishing emails. At Social-Engineer we focus on human-to-human social engineering. Our fully managed phishing service deploys Human Risk Analysts who are professionally trained and certified social engineers. With our managed phishing service, you’ll receive our expert analysis. Let the experts at Social-Engineer enhance your security awareness program. Please contact us today for a consultation.
Vishing Attacks Targeting Healthcare Organizations.
SMiShing Attacks Target the Healthcare Sector
In the modern era of technology, the methods of cyber criminals and bad actors alike continue to evolve. The topic of deepfake attacks is becoming more common in the digital
According to Workplace, in 2019, “60% of remote-capable employees spent their week working fully on-site, whereas that figure has fallen to just 20% in 2023.” Additionally, hybrid work has increased
