A Tale of Two Hacker Incidents
Healthcare Organizations Facing More Cyberthreats
… Keith Fricke, principal consultant at tw-Security, predicts: “The fourth quarter of 2020 will bring a spike in criminal phishing campaigns due to the holiday season, an election year and possibly more hurricane-related destruction prompting charitable agencies seeking donations.”
… Healthcare organizations need to be well-prepared to prevent, detect and respond to security incidents, Fricke says. Key steps include: using multifactor authentication for email accounts, promptly applying software patches, training the workforce on spotting phishing emails, testing restores of backups, and conducting penetration tests “at least annually to find weaknesses before the criminals do.”
Multifactor authentication is particularly valuable in helping to prevent business email compromise schemes, Fricke says. But implementing MFA “may mean sunsetting legacy applications and systems that do not support it.”
…”User behavior analytics is gaining traction in larger organizations, looking for anomalous activity for computer accounts of users,” Fricke notes. “More organizations are outsourcing centralized log management and paying third parties to monitor network activity 24×7.”
Organizations should also revisit their breach response plans and policies and conduct drills to test their efficacy, he notes.