(913) 396-8321

Reducing Risks of Ransomware Attacks

We live in a time where one computer user clicking on one link within an email or while visiting a website can lead to a catastrophic compromise of the hospital’s data or infrastructure. Your staff are prime targets! (Reference: Gene Abramov, Depth Security)

Phishing Scams

Phishing is a popular way to steal sensitive information (or compromise a computer network) because it doesn’t take as much talent or time as traditional hacking and it is very effective. Phishing emails are designed to trick the recipient into believing that the sender of the message is legitimate or trustworthy.


In 2016, more than 30% of email recipients opened phishing emails. More than 12% clicked on attachments or embedded links within minutes of being phished. Phishing is the most common way to deliver ransomware. (Verizon 2016 Data Breach Investigations Report (DBIR), Healthcare)

In the last 18 months, healthcare has experienced a sharp increase in cyber-attacks: hacking, phishing, ransomware and other malicious software. Experts anticipate that cyber-attacks will continue to specifically target the healthcare industry.

The danger posed by hackers goes beyond financial hits. In late 2014, the patient safety organization ECRI Institute called the cybersecurity threat a patient safety issue.

Special Types of Phishing


Spear Phishing
A customized email using more detailed information (name(s), position(s), etc.) to trick the recipient into believing the sender is legitimate


Whale Phishing
Like spear phishing, except it targets high-level or senior-level executives


SMS Phishing
Text messages are used instead of email

Some Clues of Phishing

Suspicious email or text
- The sender’s name or organization is unfamiliar
- Generic greeting (“Dear Sir or Madam”) instead of by name

Poor spelling and grammar

URLs containing one character that is different from a real domain name
- URL = Uniform Resource Locator, used to specify addresses on the World Wide Web/Internet

Request for personal or sensitive information

Offers that seem too good to be true
- Recipient is asked to send money

Something seems out of place
- Message appears to be coming from a co-worker but worded in a way that does not sound like something they would say or request

Appears to be from an official government agency
- When being audited, the IRS will not send an email

The action was not initiated by the user
- Online purchase that was not made
- Notification of an attempted package delivery

Unrealistic threats
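
The "one character different" URL clue above can be checked automatically by a mail filter or a reporting tool. The following is an added example, not part of the original page: the trusted domain list, the sample message, and the function names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of domains the organization really uses (assumption).
TRUSTED_DOMAINS = {"examplehospital.org", "irs.gov", "fedex.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def within_one_edit(a, b):
    """True if a != b and one substitution, insertion or deletion turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # exactly one substituted character
    return a[i:] == b[i + 1:]            # exactly one extra character in b


def bare_host(url):
    """Lower-cased host name of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def lookalike_urls(message, trusted=TRUSTED_DOMAINS):
    """Return (url, imitated_domain) for hosts one character off a trusted domain."""
    hits = []
    for url in URL_RE.findall(message):
        host = bare_host(url)
        if host in trusted:
            continue                     # exact match: the real domain
        for good in sorted(trusted):
            if within_one_edit(host, good):
                hits.append((url, good))
                break
    return hits


# Constructed sample message, not taken from a real email.
SAMPLE = (
    "Dear Sir or Madam, your package could not be delivered. "
    "Track it at http://www.fedx.com/track or log in at "
    "https://examp1ehospital.org/login . Real site: https://www.examplehospital.org/ ."
)
```

The check compares whole host names only, so it does not cover look-alike Unicode characters or a trusted name embedded as a subdomain of another domain.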

How tw-Security can help

  • Create a charter or a plan, verify/update policies and procedures for email acceptable use, phishing, and ransomware
  • Work with Human Resources to define the possible consequences within the sanction policy for repeat offenders
  • Create a user awareness and phishing response program
  • Provide training and education: executives, senior leadership team, IT staff, Service Desk staff
  • Assist with the selection of a phishing tool, implementation, and reporting of the results
  • Create risk profiles for email systems (Assess threats, controls, and vulnerabilities, document the impact, likelihood, and overall risk scoring)
  • Develop incident response preparedness: the development of a phishing playbook and tabletop testing exercise

