The danger posed by phishers is constant, especially for the healthcare sector, which is often targeted by cybercriminals because of the high value of healthcare data and compromised email accounts. Phishing campaigns are having a massive impact on healthcare groups in the United States, which are reporting the highest ever numbers of successful infiltrations.
The industry is also heavily impacted by ransomware campaigns, with many of the attacks beginning with a successful phishing attack, for instance one that delivers a ransomware downloader such as the Emotet and TrickBot Trojans.
A recent survey carried out by HIMSS on U.S. healthcare cybersecurity experts has revealed the extent to which phishing attacks are hitting their targets. The survey, which was distributed between March and September 2020, showed that phishing is the main cause of cybersecurity attacks at healthcare groups in the 12 months, being cited as the cause of 57% of attacks.
One interesting revelation from the survey is the lack of appropriate protections against phishing and other email attacks. While it is reassuring that 91% of surveyed groups have implemented antivirus and antimalware solutions, it is extremely worrying that 9% appear not to have done so. Only 89% said they had implemented firewalls to prevent cybersecurity attacks.
Then there is multifactor authentication (MFA). Multifactor authentication will not prevent phishing emails from being delivered, but it is highly effective at preventing stolen login details from being used to remotely access email accounts.
In the data breach reports that are necessary for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Rules, which healthcare groups in the U.S. are required to comply with, it is common for breached entities to state they are implementing MFA after experiencing a breach, when MFA could have prevented that costly breach from happening in the first place. The HIMSS survey showed that 75% of groups augment security after being hit by a cyberattack.
These cyberattacks can also have a negative impact on patient treatment. 28% of respondents said cyberattacks disrupted IT operations, 27% said they disrupted business management, and 20% said they resulted in financial losses. 61% of respondents said the attacks had an impact on non-emergency clinical care and 28% said the attacks had interfered with emergency treatment, with 17% saying they had resulted in patient harm. The latter figure could be underestimated, as many groups do not have the mechanisms in place to see if patient safety has been impacted.
The number of phishing attacks that are hitting their targets cannot be attributed to a single factor, but what is clear is that there needs to be a higher level of investment in cybersecurity to prevent these attacks from succeeding. An effective email security solution should be a top priority, one that can block phishing emails and malware attacks. Training on cybersecurity must be conducted for employees for HIPAA compliance, but training should be provided on a continuous basis, not just once a year to meet compliance requirements. Implementation of multifactor authentication is also an essential anti-phishing tactic.
One area of phishing security that is often ignored is a web filter. A web filter blocks the web-based component of phishing attacks by preventing employees from accessing websites hosting phishing forms. With the complex nature of current phishing attacks, and the realistic fake login pages used to capture credentials, this anti-phishing measure is also crucial.
TitanHQ can give you cost-effective cloud-based anti-phishing and anti-malware solutions to safeguard your network from the email- and web-based components of cyberattacks. Both of these solutions are provided at quite a reasonable cost, with flexible payment options.
If you want to enhance your defenses against phishing, prevent costly cyberattacks and data leaks, and the possible regulatory penalties that can follow, contact TitanHQ now.