The healthcare industry continues to get hit with relentless phishing and ransomware hacks. The latest big hack happened in Arizona, targeting the Cancer Treatment Centers of America located in Phoenix. It was a data breach using email phishing and affected 42,000 individuals. Hackers seem to have no soul, continuing to prey on the most vulnerable population–those needing medical care. As healthcare hacks continue to grow in scope and depth, healthcare providers continue to struggle in the fight to keep patients and their sensitive data safe.

Email phishing is one of the two most successful healthcare hacking tools. Employees in all sectors continue to be the biggest cybersecurity threat, with unsuspecting staff opening bogus emails that appear to be legitimate. Once an email is opened, they click on attachments packed with malware that open the door to ransomware attacks. Employees also follow links in email text that redirect them to fake websites designed to steal login information and financial data. The criminals are always finding more ways to improve attacks and sharpen their skills. And of course, people will always be the weakest links. We are flawed and trusting, and sometimes fall for fear tactics. But we can also learn, which means we can become the last line of defense against phishing attacks. We just need to know how to spot them and how to avoid them.

  • Look for typos and misuse of the language. If there is one single error, don’t click or open. If there is a generic greeting, such as “Dear Users,” it should trigger your phishing sixth sense.
  • If you are not expecting to receive links or attachments from anyone, whether you know them or not, don’t click.
  • Any use of fear tactics should make you stop to think before clicking. Usually, if there is a threat of any type, it’s phishing.
  • To verify details of your account, be it user name, password, payment card information, etc., log into your account directly rather than clicking links or attachments.
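
The checks in the list above can also be run as a first-pass mail triage. The following is an added example, not code from the original article: the function names, phrase lists and sample messages are assumptions constructed for illustration, and the typo check is left out because it needs a dictionary.

```python
import re
from email import message_from_string

# Phrase lists are constructed for this example (assumptions); tune them for your own mail.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(users?|customers?|members?|sir|madam)\b", re.I | re.M)
FEAR = re.compile(r"\b(suspended|locked|terminated|final notice|legal action|within 24 hours)\b", re.I)
VERIFY = re.compile(r"\b(verify|confirm|update)\b.{0,40}\b(account|password|user ?name|card)\b", re.I | re.S)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Decode and join the inline text/* parts, skipping attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def phishing_indicators(raw_email):
    """Return the names of the article's warning signs found in one raw message."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    checks = {
        "generic_greeting": GENERIC_GREETING.search(text),
        "contains_link": LINK.search(text),
        "has_attachment": any(p.get_filename() for p in msg.walk()),
        "fear_tactics": FEAR.search(text),
        "asks_to_verify_account": VERIFY.search(text),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample messages (not real mail); example.test is a reserved test domain.
SUSPECT = """\
Subject: Mailbox notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Users,
Your mailbox will be suspended within 24 hours. Verify your account password at http://portal.example.test/login
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notice.zip"

placeholder
--b1--
"""
BENIGN = "Subject: Minutes\n\nHi Dana,\nTuesday's minutes are on the shared drive.\n"
print(phishing_indicators(SUSPECT), phishing_indicators(BENIGN))
```

A message that trips several indicators is a candidate for quarantine or a warning banner; a single hit such as a link alone is common in legitimate mail.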

Ransomware, the other major healthcare hack, which also often spreads via phishing, locks and encrypts medical data and systems, and then demands that a ransom be paid before unlocking them and providing the decryption key. It’s fast money for hackers, who always require payment in Bitcoin or other cryptocurrency–an e-currency that is untraceable. Healthcare is a juicy target most likely to get the ransom paid. The reason behind its success is the nature of the data held for ransom. The data is at the core of hospitals and other healthcare providers being able to function day-to-day, minute-by-minute. When that data is held for ransom, lives are literally at risk. Although many organizations hit by ransomware struggle with the decision to pay the ransom or not, healthcare doesn’t have the luxury of time. As a result, healthcare organizations are much more likely than others to pay up and get things back to functioning as soon as possible. Healthcare for ransom is not likely to slow down as long as it continues to be lucrative for hackers.

For IT groups: always make sure to have current backups on hand, kept separate from the operations network, that can be accessed quickly in case of a life-or-death ransomware situation. This is solid advice for all organizations. Paying criminals for your own data is never advised. That only encourages more of it.


SOURCE: https://www.stickleyonsecurity...