The Healthcare Information and Management Systems Society (HIMSS) recently published a report from the 2019 HIMSS Cybersecurity Survey. The findings show that malicious actors are successfully leveraging phishing attacks to initially gain access to networks across healthcare organisations in the US.
RELEASED AT #HIMSS19: The 2019 HIMSS Cybersecurity Survey reveals a number of positive developments by U.S. healthcare organizations to address cybersecurity threats. https://t.co/7rTdivOGZ6 #HITsecurity
— HIMSS (@HIMSS) February 14, 2019
Expert Comments below:
Neil Larkins, CTO at Egress Software:
“Today, the most sophisticated phishing emails are designed to look as real as possible, and can, to the untrained eye, appear nearly identical to an email from a trusted sender. When issuing a phishing attack to a large audience, attackers count on a scattergun approach that will be successful with a proportion of recipients, tricking them into clicking on links and subsequently handing over personal information.
While spam filters do catch many phishing attempts, it’s important to know what to look for when one invariably slips through the net. Unusual URLs are often a sign of a phishing email and recipients should avoid clicking on them. Instead, they should hover their mouse over the link to see if the address matches the link displayed or, if possible, open the site in another window instead of clicking the link.
Data breaches are becoming much more prevalent and organisations are clearly struggling to mitigate the risks caused not only by hackers but also by unpredictable user behaviour. It is therefore essential that they take advantage of existing technologies, such as Machine Learning (ML), that can help mitigate the risks users and organisations face. By analysing user email behaviour, smart technologies can now recognise patterns and highlight anomalies. For example, in cases where a phishing email requires an individual to respond, they can be alerted to the fact they haven’t emailed this recipient before or that the recipient is not trusted – immediately raising red flags for the user in scenarios where cybercriminals are leveraging established relationships.
This report highlights the need for healthcare organisations to review the protections they are putting around unstructured data, especially within emails, meaning that if sensitive information falls into the wrong hands, the risk of it being exposed is mitigated. This means adopting a comprehensive layered approach to data security which enables users to protect sensitive information in a simple and easy-to-use way. At a time when phishing and other cyberattacks are becoming much more prevalent, it has never been more important to analyse the best way to mitigate the risks of data breaches.”