Home - Article

Featured Article

January 31, 2020

How to Protect Healthcare Organizations from Recent Phishing Threats


Healthcare is a lucrative area of focus for hackers for numerous reasons.

Patient data is valuable and can be sold easily on the dark web – over and over, to identity thieves and those who want to use the information to commit fraud. In addition, many healthcare organizations like hospitals need their systems to be constantly operating or patients could die.

For these reasons, they are one of the most lucrative cybersecurity targets.

Hackers are aware of this – in 2017 we reported that 78 percent of healthcare providers experienced a malware or ransomware attack in the last year. In other posts – we described hacks at Great Plains Health and UCONN. Then there was the news just from a few months back of ten hospitals being hacked simultaneously! This reminds us of the potential for a cyber 9/11 that politicians have warned us about.

The country or world for that matter is not prepared for an event which targets a large group of organizations at once.

Part of the reason is there is no central coordination to defend these various companies and medical facilities.

Sadly, many in the medical profession do not worry about breaches until their organization’s survival is threatened.

In other words – even after a breach, it is business as usual – a few patches added and that’s about it.

The amazing thing is many hacks – in fact, most of them are coming from phishing. It’s a growing way to hack into companies and install ransomware, extortionware, etc.

The most recent hack in the medical space took place at New York City-based VillageCare Rehabilitation & Nursing Center.

The hacker was able to trick an employee into sending information on patients. After VCRN learned of the phishing incident, officials began investigating the incident with the help of a third-party forensic specialist.

VCRN is notifying 674 patients that their information may have been exposed. Patient data that might have been sent to the unauthorized person included names, dates of birth, insurance information, provider names and identification numbers. VCRN said there is no evidence that patient information has been misused.

"We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures. We reported this incident to law enforcement and regulatory authorities," said VCRN in a news release.

Becoming a victim of a phishing scam has led VCRN to review its cybersecurity practices.

Phishing is the act of sending emails which seem like they come from a legitimate source when in fact they come from a hacker looking to trick a user. When the phishing becomes more targeted, we call it spear-phishing.

It is difficult to fathom how much personal information is available in marketing databases and on the dark web. Both can be used – merged together, in order to produce a profile of targeted users. This, in turn, allows phishing to become more targeted.

County music fans, for example, can be sent targeted spear-phishing emails, appealing to their interests and so on.

Before opening a malicious email, users need to be trained using phishing simulation services like PHISH360 so they become educated with instructional emails, not malicious ones. If a user opens or clicks on links in a phishing simulation email campaign, they are generally sent to a page that trains them.

It is crucial to continuously train workers because a moment of weakness, forgetfulness or fatigue may allow hackers onto the network and information to leak out.

Cybersecurity is a complex space but phishing and spear-phishing are such common attack points that every organization needs to lock these areas down FIRST. That is where phishing simulation comes in.

Most services in the space start at free or are low cost. Not using such a service is corporate malpractice.

For IT service and tech support in Manhattan, New York, Connecticut and beyond, contact 5-star and award-winning Apex Technology Services and keep your organization protected.


 

Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!