BY THE NUMBERS – FIRST QUARTER – 2017
We live in a time where one computer user clicking on one link within an email or while visiting a website can lead to a catastrophic compromise of the hospital’s data or infrastructure. Your staff are prime targets! (Reference: Gene Abramov, Depth Security)
Phishing is a popular way to steal sensitive information (or compromise a computer network) because it doesn’t take as much talent or time as traditional hacking and it is very effective. Phishing emails are designed to trick the recipient into believing that the sender of the message is legitimate or trustworthy.
More than 30% of email recipients opened phishing emails in 2016. More than 12% clicked on attachments or embedded links within minutes of being phished. Phishing is the most common way to deliver ransomware. (Verizon 2016 Data Breach Investigations Report (DBIR), Healthcare)
In the last 18 months, healthcare has experienced a sharp increase in cyber-attacks: hacking, phishing, ransomware and other malicious software. Experts anticipate that cyber-attacks will continue to specifically target the healthcare industry.
The danger posed by hackers goes beyond financial hits. In late 2014, the patient safety organization ECRI Institute called the cybersecurity threat a patient safety issue.
A customized email using more detailed information (name(s), position(s), etc.) to trick the recipient into believing the sender is legitimate
Like spear phishing, except it targets high-level or senior-level executives
SMS phishing where text messages are used instead of email
Suspicious email or text
- The sender’s name or organization is unfamiliar
- Generic greeting (“Dear Sir or Madam”) instead of by name
Poor spelling and grammar
URLs containing one character that is different from a real domain name
- URL = Uniform Resource Locator, used to specify addresses on the World Wide Web/Internet
Request for personal or sensitive information
Offers that seem too good to be true
- Recipient is asked to send money
Something seems out of place
- Message appears to be coming from a co-worker but worded in a way that does not sound like something they would say or request
Appears to be from an official government agency
- When being audited, the IRS will not send an email
The action was not initiated by the user
- Online purchase that was not made
- Notification of an attempted package delivery
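The "URLs containing one character that is different from a real domain name" indicator above can also be checked automatically at a mail filter. The following is an added example, not part of the original page; it goes slightly beyond the listed case by also flagging one inserted or one missing character. The trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the organization really uses (constructed for this example).
TRUSTED_DOMAINS = {"hospital.example", "irs.gov"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Constructed sample message: one lookalike link, one genuine link.
SAMPLE = ("Dear Sir or Madam, confirm your account at "
          "http://login.hospita1.example/reset or see https://www.irs.gov/help")


def within_one_edit(a: str, b: str) -> bool:
    """True if a != b and one substitution, insertion or deletion turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # exactly one substituted character
    return a[i:] == b[i + 1:]            # exactly one extra character in b


def lookalike_of(host: str):
    """Return the trusted domain that host imitates, or None."""
    labels = host.lower().rstrip(".").split(".")
    # Check every suffix so a lookalike hidden behind a subdomain is caught too.
    for start in range(len(labels) - 1):
        candidate = ".".join(labels[start:])
        if candidate in TRUSTED_DOMAINS:
            return None                  # genuine domain or one of its subdomains
        for trusted in TRUSTED_DOMAINS:
            if within_one_edit(candidate, trusted):
                return trusted
    return None


def suspicious_urls(message: str):
    """List (url, imitated_domain) for each lookalike URL found in the message text."""
    hits = []
    for url in URL_RE.findall(message):
        host = urlsplit(url).hostname or ""
        target = lookalike_of(host)
        if target:
            hits.append((url, target))
    return hits
```

A hit is a reason to quarantine or warn, not proof of phishing: an unrelated legitimate domain can also sit one character away from a trusted one.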