Iowa’s UnityPoint Health has revealed it was the victim of a phishing attack that put the sensitive medical information of 1.4 million patients at risk, as reported by local media.
Leon Lerman, CEO at Cynerio:
“Healthcare organizations need to be on high alert for these types of phishing attacks like the one that targeted employees of UnityPoint Health.
Perhaps they think it won’t happen to them and that the cyber-criminals will go after very large organizations, so they don’t really take action to protect themselves.
On the other hand, I’m sure many of them do worry about it, especially because they deal with very sensitive data. The more they are dealing with interesting/ sensitive data, like healthcare, the more likely they will be a target, hackers also take into account that smaller organizations typically have less protections and are easier to hack.
Many businesses are now aware of the ” high level” risks as reported by the media, but can’t really translate it into an action plan of how to protect themselves or even know what are their specific risks.
Organizations need to understand that depending on a single security control is no longer good enough. Healthcare organizations need to implement a defense in depth strategy, which includes a series of different defensive mechanisms which will defend against various attack vectors, including the malware-free attacks like phishing.
Especially in the healthcare industry, we need to place more focus on educating employees on how hackers target organizations and what can organizations do to protect themselves.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.