Medical Records Gone Phishing
By Hodgson Consulting & Solutions | September 13, 2019
One of the greatest things about technology is that it makes information accessible. In fact, that’s exactly what hackers are banking on – that everyday people and businesses will blindly trust technology with their most important information, and that the attackers can later work to retrieve that information. The medical industry is a common target for these types of threats. This month, “UC Health launched an investigation into an email phishing attack that might have compromised the medical records of some patients of the hospital system whose flagship is the University of Cincinnati Medical Center. The hospital system expects that some patient details were in employee emails that were accessed by the attack, including patient names, dates of birth, medical record numbers and clinical information.” (bizjournals.com, 2019) Phishing emails are designed to look authentic and to seem believable enough that recipients click on links, or at least reply. Once hackers infiltrate your trust, they then infiltrate your systems and databases. “To prevent such a data breach in the future, UC Health stated, the system is enhancing its email security and reinforcing education with employees on how to identify and avoid malicious emails.” (bizjournals.com, 2019)
Phishing threats aren’t the only attacks individuals and businesses have to be aware of. As a technology user, you must also be careful about which third-party vendors you use and trust with your information. If the vendors you trust to protect your information aren’t even protecting themselves, it’s time to reconsider those partnerships. As reported by Security Boulevard, “last week, the team at CircleCI came across a security breach incident that involved CircleCI and a third-party analytics vendor. An attacker got access to the user data including usernames, email addresses that were associated with GitHub and Bitbucket, user IP addresses as well as user-agent strings from their third-party vendor account.” (securityboulevard.com, 2019) One positive in this particular incident is that employees caught wind of this breach at the end of August 2019 and took action right away by forwarding it to the CircleCI security team. Within a week their security teams were investigating. “The security and the engineering teams at CircleCI revoked the access of the compromised user and further launched an investigation.” (securityboulevard.com, 2019) If a data breach is inevitable, then having a plan in place to recognize and recover is even more essential.
How it Could Affect You:
When considering how vulnerable you, your business, and your employees are to phishing attacks and other schemes of cyber criminals, you must consider how well prepared you actually are. Ask yourself and your IT guys the following questions:
- Do you have onboarding and ongoing cyber security training?
- Have you ever seen/reviewed what a convincing phishing email looks like with your staff?
- How prepared are you to combat and recover from an email phishing attack or any other types of data breaches?
- Should your company be exposed by a data breach, how long would it take you to notice? How long would it take you to recover?
Remember, once hackers infiltrate your trust, they can then infiltrate your systems and databases. Don’t give them that satisfaction. Find out where your vulnerabilities are and let us help protect your business today!
Here at Hodgson Consulting & Solutions, we specialize in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. Contact us to receive a FREE Confidential Dark Web Scan and learn more about our Managed Security Service Plans.