3 phishing attacks that lead to 20,000 patient records breached.
It just took one click. That was the case in three separate incidents that lead to patient records getting accessed and breached for one North Carolina medical center.
One simple phishing attack—the kind that we prevent with our extensive user training—led to a facility having breached over 20,000 records.
All it took was for one attack to hit three different users. After that, criminals had access to hospital data for over a month before it was discovered.
In this day in age, most patients expect their data to be secure. And if it isn’t, guess what? Many will go somewhere that has their ducks in a row.
It’s just that simple.
But, in many cases, cyberattacks have become the norm. And many of those attacks start with just one click.
How can a click compromise a network or patient files?
More often than I wish was true, organizations of all sizes get hacked and all files get locked down simply because one user clicked on a link or attachment.
The email was sent from someone they knew—or thought they knew. Maybe it was from you, the administrator, IT Director, CFO, or Doctor. The scammer did their homework, made the email sound somewhat believable and got that one user to click on it.
Could you think of at least a handful of people within your hospital that would have clicked on a ‘bad’ link?
I’m sure there are dozens of folks that actually would! As part of our security training, we test users by sending out fake phishing emails and find that over 80% of users click the first time. If they aren’t properly trained—as in are up-to-speed on recognizing and experiencing real phishing emails, the first time they click, your network might be breached at very least. At very worst, your network might be COMPLETELY compromised, which means all files locked down—including medical records, billing records, everything your teams need to keep the lights on and bills paid.
All it would take is a click.
And all it would take is a network that is not configured correctly to prevent an attack from spreading across the entire network.
All it would take was not being able to tell if suspicious activity was leaking data off your network.
All it would take was for a news person to find out about your data leak for your community to completely mistrust your hospital and for your board to distrust your leadership.
I hate to say this but it just takes one click.
From one to ten, how confident are you in your hospital’s security?
Do you have backups to recover from if your network does get locked down? Are you sure that everything will be recovered? Or will you have to report a breach and deal with the consequences? Will you have to pay a ransom?
When Your Hospital Is Shutdown By Ransomware Through No Fault Of Your Own, Will They Call You Stupid…Or Just Irresponsible?
It’s EXTREMELY unfair, isn’t it? Victims of other crimes – burglary, mugging, carjacking, theft – get sympathy from others. They are called “victims” and support comes flooding in.
If Your Hospital Is Attacked, You Will Not Get Such Sympathy. You Will Be Investigated and Questioned about what you did to prevent this.
A ransomware vulnerability assessment will help you identify where hackers will eventually find their way onto your network and how to proactively remediate serious cyber risks before they become attacks.
