Phishing in Healthcare: Yet Another Major Incident
2020-02-25 19:48

"Phishing continues to be one of the primary breach vectors in the healthcare industry. It is cheap, effective and profitable to the cyber-criminal element," says Rich Curtiss, director of healthcare risk assurance services at security consultancy Coalfire.

"Health records command a hefty price on the 'dark web' and are relatively easy to acquire through phishing attacks. Phishing is an organizational threat and not an IT problem. Addressing the threat must be a strategic imperative and, to be truly effective, must be part of the organizational culture."

"The human response to phishing email is the hardest to protect against, so it is important to minimize the delivery of 'potential' phishing email while balancing 'false positives', which inhibit legitimate email from being delivered," he adds.

The best approach to avoid falling victim to email phishing is a layered defense posture in which the organization provides workforce cybersecurity training coupled with regular phishing campaign testing, plus "a robust technical security infrastructure," Curtiss says.

"While healthcare companies are far from alone in being the victims of phishing attacks, their data is highly monetizable on the black market, and they are often perceived as having restrictive budgets that can't prioritize IT and expert security staffing - making them a presumptive 'good target'."


News URL

https://www.inforisktoday.com/phishing-in-healthcare-yet-another-major-incident-a-13767