Healthcare records are some of the most valuable data for threat actors. Every record contains contact information, social security numbers, and potentially financial account details. An attacker could sell this information on darknet markets or use it for identity theft to open credit cards and take out loans. Whatever the motive, these records are a primary target for attackers, and phishing campaigns aim to make healthcare providers the next victims.
Since the pandemic, more individuals are concerned about their health, visiting hospitals for COVID testing, and scheduling vaccines. Hospitals have been flooded with patients, and tired employees create additional vulnerabilities through human error. Phishing campaigns take advantage of human error and an employee’s failure to notice red flags. Tired employees are easier targets, and attackers are aware of the numerous issues in hospitals during COVID and the pandemic lockdowns.
In 2021, millions of patient records were stolen, mainly through phishing attacks. For example, the New York American Anesthesiology healthcare provider fell victim to a phishing campaign in which over 1.3 million patients were affected. The Department of Health and Human Services was also a victim, exposing about 9.4 million records to threat actors.
Any healthcare provider responsible for a data breach must notify patients, a requirement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Department of Health and Human Services has a web page where incidents can be reported and patients can review when and where a breach happened, so that they know whether they could be a target of identity theft.
Since January 1, 2021, numerous other ransomware and phishing attacks have been responsible for data breaches in healthcare. Because healthcare records contain identifiable information, they are valuable on darknet markets. Any patient who thinks their data was disclosed should monitor their credit reports and be on the lookout for phishing emails intended to make more money off the victim.
Phishing campaigns can be targeted at individuals holding high-privilege accounts, or they can be randomized so that millions of users receive the same email. Untargeted attacks focus on quantity over quality. The attacker hopes that just a small percentage of recipients will fall for the phishing message. Even with a small percentage of victims, an attacker can still generate thousands in revenue from a single campaign.
Spear-phishing campaigns are much more targeted and effective. Fewer email messages are sent, to carefully chosen users, but the campaign can be far more potent. With a high-privileged account or a successful ransomware installation, an attacker could make millions from their efforts. Ransomware targeting businesses demands thousands in return for the private keys needed to decrypt data, or an attacker could use stolen credentials to exfiltrate data from corporate servers.
Both types of phishing campaign damage corporate reputation and patient data privacy, which is why healthcare providers and other organizations should take several steps to protect users from phishing. Users lack the training necessary to identify phishing campaigns, and even IT administrators fall victim to these attacks. The best way to protect users is to stop malicious messages from reaching the targeted recipients’ inboxes. This can be done using email filters.
Cybersecurity on email servers is the primary defense against phishing. Email filters leveraging artificial intelligence (AI) work even better at detecting malicious messages and quarantining them before they reach the targeted recipient’s inbox. Quarantined messages remain available to administrators for review, but they are inaccessible to standard users who might not realize a message is malicious.
Attachments are often used to trick users into installing ransomware on the network. Ransomware is another dangerous attack targeting data privacy and integrity. Threat actors often use it against healthcare providers, knowing that it can cripple business workflows and productivity. Email cybersecurity systems can detect attachments that could contain macros used to download ransomware and install it on corporate systems.
Multi-layer cybersecurity is vital to protect the healthcare sector from advanced threats such as phishing and ransomware. Without a layered cybersecurity approach, more healthcare providers could fall victim to the next large data breach. Using the right email filter and web content filters, you can reduce risks from human error and leave phishing campaign detection to cybersecurity controls. An email filter detects suspicious messages, quarantines them, and gives more control to administrators, who can review messages for malicious content. If the administrator determines that a quarantined message is a false positive, the administrator can forward the message to the intended recipient. These controls stop numerous phishing campaigns and reduce the risk of your organization becoming the next healthcare data breach victim.
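The two paragraphs above describe the core of the control: inspect attachments for macro-capable content, hold the message in quarantine instead of delivering it, and let an administrator release a false positive to the original recipient. The script below is an added example of that flow in miniature; it is not TitanHQ code and not a description of any product. It uses only the Python standard library, the sample message and its attachment are constructed inline, and the detection policy (macro-enabled extensions, a `vbaProject.bin` part inside an OOXML container, and a conservative flag on any legacy OLE2 container) is an assumption chosen for the demo, not a complete macro detector.

```python
"""Attachment triage and quarantine for an inbound mail filter (added example).

Demonstrates: macro detection on attachments, quarantine instead of delivery,
and administrator release of a false positive. The policy and names are
assumptions for the demo; the email below is constructed, not captured.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Office formats that are macro-enabled by definition (assumed policy).
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Legacy OLE2 compound files (.doc/.xls) may carry VBA streams; flagged
# conservatively here because this demo does not parse OLE streams.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def attachment_has_macros(filename: str, data: bytes) -> bool:
    """Return True if the attachment looks macro-capable.

    Order of checks: macro-enabled extension; OOXML (zip) container holding
    a vbaProject.bin part; legacy OLE2 container (conservative flag).
    """
    name = filename.lower()
    if any(name.endswith(ext) for ext in MACRO_EXTENSIONS):
        return True
    if data.startswith(b"PK"):  # OOXML documents are zip containers
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return data.startswith(OLE_MAGIC)


class Quarantine:
    """Holds messages the filter declined to deliver, keyed by Message-ID."""

    def __init__(self) -> None:
        self.held: dict[str, EmailMessage] = {}
        self.delivered: list[tuple[str, EmailMessage]] = []

    def filter_message(self, raw: bytes) -> str:
        """Parse an inbound message and either deliver or hold it; returns the verdict."""
        msg = BytesParser(policy=policy.default).parsebytes(raw)
        for part in msg.iter_attachments():
            filename = part.get_filename() or ""
            payload = part.get_payload(decode=True) or b""
            if attachment_has_macros(filename, payload):
                self.held[str(msg["Message-ID"])] = msg
                return "quarantined"
        self.delivered.append((str(msg["To"]), msg))
        return "delivered"

    def release(self, message_id: str) -> bool:
        """Administrator judged a held message a false positive: forward it on."""
        msg = self.held.pop(message_id, None)
        if msg is None:
            return False
        self.delivered.append((str(msg["To"]), msg))
        return True


def build_sample_message(with_macro: bool) -> bytes:
    """Construct a demo email carrying a tiny OOXML attachment (constructed data).

    The file is named .docx either way, so the macro case is only caught by
    looking inside the container, not by the extension.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    msg = EmailMessage()
    msg["From"] = "billing@example.net"          # constructed sender
    msg["To"] = "records@hospital.example"       # constructed recipient
    msg["Subject"] = "Invoice"
    msg["Message-ID"] = "<demo-macro@example.net>" if with_macro else "<demo-clean@example.net>"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(
        buf.getvalue(),
        maintype="application",
        subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
        filename="invoice.docx",
    )
    return msg.as_bytes()


if __name__ == "__main__":
    q = Quarantine()
    print(q.filter_message(build_sample_message(True)))   # quarantined
    print(q.filter_message(build_sample_message(False)))  # delivered
    print(q.release("<demo-macro@example.net>"))          # True: admin released it
```

The point of the container check is that a renamed or innocuously named file still gets caught, while the OLE2 rule shows the trade-off the article mentions: a conservative rule produces false positives, which is exactly why the quarantine keeps the message reviewable and releasable by an administrator rather than deleting it.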
TitanHQ provides advanced multi-layer security to protect against ransomware, phishing attacks and data breaches. Talk to one of our cybersecurity experts today to learn how we can protect your organisation. Talk to a TitanHQ team member today.