{"id":14876,"date":"2019-03-19T08:10:05","date_gmt":"2019-03-19T16:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/03\/19\/news-8625\/"},"modified":"2019-03-19T08:10:05","modified_gmt":"2019-03-19T16:10:05","slug":"news-8625","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/03\/19\/news-8625\/","title":{"rendered":"New research finds hospitals are easy targets for phishing attacks"},"content":{"rendered":"<p><strong>Credit to Author: Joan Goodchild| Date: Tue, 19 Mar 2019 15:00:00 +0000<\/strong><\/p>\n<p>New research from Brigham and Women\u2019s Hospital in Boston finds hospital employees are extremely vulnerable to phishing attacks. The <a href=\"https:\/\/jamanetwork.com\/journals\/jamanetworkopen\/fullarticle\/2727270\" target=\"_blank\" rel=\"noopener\">study<\/a>\u00a0highlights just how effective phishing remains as a tactic\u2014the need for defense against and awareness of email scams is more critical than ever.<\/p>\n<p>The research was a multi-center exercise that looked at results of phishing simulations at six anonymous healthcare facilities in the US. Research coordinators ran phishing simulations for close to seven years and analyzed click rates for more than 2.9 million simulated emails.\u00a0Results revealed that 422,052 (14.2 percent) of phishing emails were clicked, which is a rate of one in seven.<\/p>\n<h3>Patient data at risk<\/h3>\n<p>Security professionals are acutely aware of the intense scrutiny placed on patient data and the regulatory requirements around HIPAA\u00a0(Health Insurance Portability and Accountability Act). This new research on phishing in healthcare puts a spotlight on the vulnerability of this kind of data.<\/p>\n<p>\u201cPatient data, patient care, patient trust and financial stability may be on the line,\u201d said study author William Gordon, MD, MBI, of the Brigham\u2019s Division of General Internal Medicine and Primary Care. 
\u201cUnderstanding susceptibility, but also what steps can be taken to mitigate it, are critical as cyberattacks continue to rise.\u201d<\/p>\n<h3>Odds of clicks decreased with time<\/h3>\n<p>There was a positive finding in the study. Researchers noted that clicks on phishing emails went down with increasing campaigns. After institutions had run 10 or more phishing simulation campaigns, the odds of users clicking on fraudulent emails went down by more than one-third.<\/p>\n<p>The findings make the case for solid awareness efforts to educate about the dangers of phishing, said Gordon.<\/p>\n<p>&#8220;Things get better over time with awareness, education, and training,\u201d he said. \u201cOur study suggests that while the risk is high, there is an opportunity to mitigate it.\u201d<\/p>\n<h3>Healthcare industry struggles with breach rate<\/h3>\n<p>Chris Carmody, senior vice president of enterprise technology and services at the University of Pittsburgh Medical Center (UPMC) and president of Clinical Connect Health Information Exchange, noted in an interview with <a href=\"https:\/\/whtc.com\/news\/articles\/2019\/mar\/08\/healthcare-organizations-are-battling-phishing\/\" target=\"_blank\" rel=\"noopener\">Reuters Health News<\/a> that phishing is a challenge in an increasingly digital healthcare environment.<\/p>\n<p>&#8220;This is definitely a problem in all industries where people rely on e-communications, especially email,&#8221; Carmody said in the interview. &#8220;And health care is no different. 
We see clinical users whose primary focus is on patient care, and we&#8217;re trying to do our best to help them develop the knowhow to know what to look for so they can identify phishing attempts and report them to us.&#8221;<\/p>\n<p>Carmody estimates that his security group at UPMC, which also runs phishing simulations, gets about 7,500 suspect emails forwarded to them each month, with about 12.5 percent of them actually malicious.<\/p>\n<p>But any number puts a healthcare facility at risk, as these kinds of institutions are particularly vulnerable to breach. A separate report from <a href=\"https:\/\/www.cisomag.com\/us-healthcare-institutions-are-vulnerable-to-phishing-attacks-survey\/\" target=\"_blank\" rel=\"noopener\">Beazley Breach Response<\/a> finds that healthcare organizations suffered the highest number of data breaches in 2018 across any sector of the US economy. Healthcare institutions have a 41 percent reported breach rate, the highest of any industry.<\/p>\n<p>Other figures from ratings firm SecurityScorecard find the healthcare industry is one of the lowest ranked industries when it comes to security practices. <a href=\"https:\/\/www.prnewswire.com\/news-releases\/report-reveals-healthcare-organizations-are-deathly-behind-on-patching-cadence-300598375.html\" target=\"_blank\" rel=\"noopener\">The report<\/a>, titled <em>SecurityScorecard 2018 Healthcare Report: A Pulse on The Healthcare Industry\u2019s Cybersecurity Risk<\/em>, looked at data from 1200 healthcare entities and ranked healthcare 15<sup>th<\/sup> out of 17 industries for overall cybersecurity posture.<\/p>\n<p>The SecurityScorecard report noted the healthcare industry is one of the lowest performing industries in terms of endpoint security, posing a threat to patient data and potentially patient lives. 
In addition, 60 percent of the most common cybersecurity issues in the healthcare industry relate to poor patching cadence.<\/p>\n<h3>Healthcare phishing in the headlines<\/h3>\n<p>Healthcare phishing attempts that devastate facilities and lead to patient data leaks regularly make news headlines. In December 2018, an employee of\u00a0<a href=\"http:\/\/www.gulfportmemorial.com\/Uploads\/Public\/Documents\/MHG%20Substitute%20Notice.pdf\" target=\"_blank\" rel=\"noopener\">Memorial Hospital<\/a>\u00a0at Gulfport, Mississippi was tricked by a phishing scheme, resulting in the breach of data on 30,000 patients.<\/p>\n<p>The breach was discovered when investigators noticed an unauthorized party had gained access to an employee email account earlier in the month. Among the patient data leaked were emails, names, dates of birth, health data, and information about services patients had received at MHG. Social Security numbers were also leaked for some patients.<\/p>\n<h3>Phishing on the rise all over<\/h3>\n<p>Massive malware campaigns like Emotet and TrickBot have pushed phishing levels higher this year in many industries. Kaspersky Labs\u2019 most recent <a href=\"https:\/\/securelist.com\/spam-and-phishing-in-2018\/89701\/\" target=\"_blank\" rel=\"noopener\">Spam and phishing in 2018<\/a>\u00a0report finds the number of phishing attacks that took place in 2018 more than doubled from the previous year.<\/p>\n<p>Research from Sophos finds that 45 percent of UK businesses were hit by phishing attacks between 2016 and 2018. 
The study also revealed 54 percent had identified instances of employees replying to unsolicited emails or clicking the links in them.<\/p>\n<p>The Malwarebytes\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2019\/01\/2019-state-malware-report-trojans-cryptominers-dominate-threat-landscape\/\" target=\"_blank\" rel=\"noopener\">2019 State of Malware report<\/a>\u00a0finds all sectors are impacted by the kind of malware served up in phishing emails. Trojans like Emotet and TrickBot are particularly problematic in education, manufacturing, and retail. While healthcare fared poorly in the Brigham and Women\u2019s study, every vertical is plagued by phishing.<\/p>\n<h3>How can businesses defend against phishing attacks?<\/h3>\n<p>Of all of the cybersecurity risks to organizations, the human element is always the toughest to mitigate. But, as the healthcare phishing study shows, user awareness does have a positive impact on click rates\u2014the more campaigns were launched, the fewer employees fell prey to fake emails.<\/p>\n<p>There are plenty of free awareness and anti-phishing resources available that businesses can tap for training internally. For example, our <a href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/02\/business-anti-phishing\/\" target=\"_blank\" rel=\"noopener\">anti-phishing guide<\/a> offers suggestions and awareness tips for both employees and customers. And Google has an\u00a0<a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/43zgmw\/google-jigsaw-phishing-quiz\" target=\"_blank\" rel=\"noopener\">anti-phishing test<\/a> you can access online to familiarize users with common phishing techniques. Of course, there are also many companies that offer training products for purchase.<\/p>\n<p>However businesses choose to train employees, it\u2019s important to have regular access to information and tools that promote awareness of evolving phishing techniques. 
In the healthcare industry, it\u2019s not just about the bottom line\u2014it could actually save lives.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/03\/new-research-finds-hospitals-are-easy-targets-for-phishing-attacks\/\">New research finds hospitals are easy targets for phishing attacks<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/03\/new-research-finds-hospitals-are-easy-targets-for-phishing-attacks\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Joan Goodchild| Date: Tue, 19 Mar 2019 15:00:00 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/101\/2019\/03\/new-research-finds-hospitals-are-easy-targets-for-phishing-attacks\/' title='New research finds hospitals are easy targets for phishing attacks'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/03\/shutterstock_1011376669.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>New research from Brigham and Women\u2019s Hospital in Boston finds hospital employees are extremely vulnerable to phishing attacks. 
The study\u00a0highlights just how effective phishing remains as a tactic, and why awareness of email scams is more critical than ever.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/101\/\" rel=\"category tag\">101<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/101\/business\/\" rel=\"category tag\">Business<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/anti-phishing\/\" rel=\"tag\">anti-phishing<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/healthcare\/\" rel=\"tag\">healthcare<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/healthcare-cybersecurity\/\" rel=\"tag\">healthcare cybersecurity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hospital-security\/\" rel=\"tag\">hospital security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hospitals\/\" rel=\"tag\">hospitals<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/phishing\/\" rel=\"tag\">phishing<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/101\/2019\/03\/new-research-finds-hospitals-are-easy-targets-for-phishing-attacks\/' title='New research finds hospitals are easy targets for phishing attacks'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/03\/new-research-finds-hospitals-are-easy-targets-for-phishing-attacks\/\">New research finds hospitals are easy targets for phishing attacks<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10519,18778,1001,5976,17547,21296,7370,3924],"class_list":["post-14876","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-10519","tag-anti-phishing","tag-business","tag-healthcare","tag-healthcare-cybersecurity","tag-hospital-security","tag-hospitals","tag-phishing"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14876","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14876"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14876\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14876"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14876"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14876"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}