Sadly, 326,000 patients were impacted in today’s UCONN Health phishing attack. Several employee email accounts were hacked in the security incident, breaching personal and medical data; 1,500 patients saw Social Security numbers breached. This was the result of a very common and preventable phishing attack.
We have warned companies in the Connecticut and New York area about cybersecurity threats for many years now.
This attack though, like almost all of them, could have been prevented. Part of protecting any organization has to do with training and education. This is exactly why we spend the time on this site to educate the people of Connecticut about cybersecurity dangers.
We provide informative cybersecurity articles and even take to television to educate you on the pitfalls of not securing your systems effectively.
If you are just discovering Apex Technology Services as a resource – we would like to direct you to informative articles which could have helped UCONN and will definitely help your organization – whether you are a hospital, university, hedge fund, law firm or any other company.
Last year we summarized the 41-page Connecticut Cybersecurity Plan so you wouldn’t have to read it all. Here are some highlights:
1. Executive awareness and leadership;
2. Cyber literacy;
6. Communication; and
The single, most impactful way for any organization to reduce cybersecurity risk is to have informed and engaged leadership. Leadership positively influences the rest of the principles, flows through all sectors and throughout the action plan.
Last week we warned the U.S. is the greatest hacker target and later detailed how businesses are facing the worst cybersecurity threat situation ever.
We also wrote on Valentine’s Day that the government shutdown will likely increase spear phishing attacks.
Our company Apex Technology Services has been helping Connecticut companies deal with phishing attacks for many years. We are often hired to help companies with cybersecurity training as well as phishing simulation. This simulation sends phishing messages from our company to employees. We then track to see who clicks and then educate these workers so they learn what not to click on next time.
This service was so successful, near 100% in some companies, that we decided to allow all organizations to try it for free. Check out PHISH360 for more.
Six days ago we wrote about how cybersecurity incidents are skyrocketing in education. Phishing was pointed out as one of the types of attack that are rising.
Hospitals and medical centers are major targets for hacking for a few reasons. Medical information has a lot of value and ransomware ransoms are more likely to be paid if human life is at risk.
Other medical victims this year include UW Medicine, which reported a breach impacting 974,000 patients last week. Also, Rutland Regional Medical Center reported that nine employee email accounts were hacked between Nov. 6, 2018 and Feb. 6, 2019.
Here are other areas all organizations looking to promote a cybersecurity culture need to focus on:
- Cybersecurity training must be done regularly.
- Auditing and documentation must be performed regularly to ensure systems are secure.
- Anomaly detection should be running constantly to detect threats as they emerge.
- Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two companies’ reputations from being destroyed.
- Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
- An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.
To ensure your organization is safe, even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.
It’s a dangerous world and it is getting worse. Every company must be proactive to stay secure.