The PhishLabs Blog

Anatomy of a Healthcare Data Breach

Posted by Lindsey Havens on Jan 19, '17

Healthcare data breaches are becoming an almost daily occurrence.

Last year, the volume and scale of healthcare data breaches increased more than ever before. In August of 2016, Advocate Health Care, a network of 12 hospitals and over 200 other treatment centers, was hit with a $5.5 million settlement over a series of three data breaches back in 2013.

So what’s going wrong? If you’ve been following this series so far, you’ll know an unprecedented number of threat actors are now targeting the healthcare industry… but how are all these breaches actually happening?

Topics: security awareness training, EDT, Healthcare

Evaluating Maturity: The State of Healthcare Security

Posted by Lindsey Havens on Jan 18, '17

On April 8th 2014 the FBI issued a warning to the healthcare industry.

The two-page report informed providers that healthcare data was far more valuable than credit card data or Social Security numbers, because it could be used for identity theft. To further accentuate the need for security investment, the report continued:

"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely."

Topics: Security, Healthcare

The Uphill Battle of the Healthcare CISO

Posted by Lindsey Havens on Jan 12, '17

Let’s face it, being a healthcare CISO isn’t an easy job. The environments are complex, the staff are almost exclusively non-technical, and as of 2015 healthcare is officially the most attacked industry.

But what is it about healthcare that makes it so uniquely difficult to secure? If gambling websites and financial institutions can (for the most part) avoid major breaches, why can’t hospitals and private clinics?

Topics: Phishing, security awareness training, Healthcare

The Top 9 Reasons Healthcare Organizations are a Hacker’s Best Friend

Posted by Lindsey Havens on Jan 10, '17

In recent years, healthcare organizations have been attacked with more frequency, velocity, and fervor than any other industry. IBM dubbed 2015 “the year of the healthcare breach” in their 2016 Cyber Security Intelligence Index, and if recent headlines are anything to go by, 2016 wasn’t much better.

But why are healthcare organizations targeted so consistently? On the surface, gambling sites and financial institutions would seem like better targets, so what is it about healthcare organizations that threat actors find so tempting?

In the end, it all comes down to one factor: Money.

Topics: Data Breach, Ransomware, Security, Healthcare

Security Awareness Training: A Recipe for Success

Posted by Jenny Dowd on Jan 4, '17

In recent months we’ve written a lot about security awareness and employee defense training. It’s an involved topic, clearly, and if you’ve taken away anything we hope it will be this:

If you want real, measurable improvements you must test your employees. And when it comes to email security, that means phishing your employees on a regular basis.

In this post, we’ll take a deep dive into a managed employee defense training program, and examine the ins and outs of effective security awareness training. From planning to post-game analysis, here are the best practices for managing your program.

 

Topics: EDT

Why Security Awareness Training Should Be Your Easiest Investment Decision

Posted by Lindsey Havens on Dec 21, '16

On the face of it, there’s really only one reason to invest in security awareness training: To avoid breaches, and save money. In reality there’s a bit more to it than that, but let’s stick with this assumption for now.

Topics: Phishing, security awareness training

Exploring the Surge in Phishing Attacks During the Holidays

Posted by Amanda Kline on Dec 1, '16

It should come as no surprise that the holiday season inevitably means an increase in scams and financial fraud. Long gone are the years when we only needed to worry about theft as a result of home burglaries and car break-ins. We need to worry not only about leaving store purchases and gifts in plain view in our cars or homes, but also about our credit card information being transmitted in plain text via payment services, and about the ever-increasing threat of phishing and ecommerce scams targeting holiday shoppers.

Topics: Phishing, Holiday Scams

How to Build a Business Case for Powerful Security Awareness Training

Posted by Lindsey Havens on Nov 29, '16

You're probably thinking security awareness training for employees is a no-brainer, that you shouldn't have to sell the idea up the ranks. However, with several other technology controls in place for securing your organization, you may be faced with a surprising "what's this...is this really necessary" when you slide that line item into next year's budget. 

So you reconsider what you have budgeted and entertain a once-a-year, check-the-box option to satisfy compliance needs. But how much will your organization benefit from this status-quo approach?

Getting signoff for a security awareness training program that actually works can be much harder.

But it doesn’t have to be. With a little research and a few calculations, you can produce a business case for security awareness training that holds up even under purely financial scrutiny.

Here’s how.  

Topics: Phishing, Employee Defense Training, security awareness training

How to Calculate ROI for Security Awareness Training

Posted by Jenny Dowd on Nov 22, '16

Frustrating, isn’t it?

You put all that effort into designing a security awareness training program… 

But is it helping keep your organization safe? Or is it just satisfying your compliance requirements?

The truth is you have no idea. After all, how can you measure return on investment (ROI) for something intangible like security awareness training?

Topics: Phishing, Spear Phishing, security awareness training

Why Ransomware Works, Why it Doesn't, and What it Will Work on Next

Cybersecurity is a field defined by its dynamism, as is crime. When analyzing trends to assess the future of these two frequently overlapping spaces, the most efficient way to separate persistent threats from hype is by asking not just where the money is, but what the easiest way is to get it. While ransomware has had a lock on headlines all year, the most recent news stories all seem to emphasize increases in attacks targeting educational institutions, state and local governments, and healthcare organizations. Let's examine why this change from shotgun targeting to more focused targeting is happening.

Topics: Ransomware

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
