The PhishLabs Blog

Healthcare Security Awareness Training: Don't Fear Failure, Learn From It

Posted by Dane Boyd on Jun 23, '17

The past few years have seen an explosion of cyber attack activity in the healthcare industry.

But that shouldn’t come as a surprise. Healthcare records are a goldmine for enterprising hackers, and with low security budgets across the industry it’s no wonder that healthcare organizations are considered a soft target.

A cursory glance at the industry’s security profile tells us everything we need to know. There are weaknesses everywhere, and hackers all over the world know it.

Incredibly, from a single successful healthcare breach, a hacker stands to earn anything from $285,000 to $1.7 million.

Topics: security awareness training, Healthcare

How To Be HIPAA Compliant (And Why It’s Not Enough)

Posted by Lindsey Havens on Feb 2, '17

The healthcare industry, like most others, is obsessed with compliance.

And that makes sense. After all, fines for HIPAA non-compliance are at an all-time high, so who wouldn’t make it a top priority?

But as we already know, compliance doesn’t equal security. Thousands of HIPAA-compliant healthcare organizations are breached every year, and unless the framework is dramatically tightened in the near future, the same will be true in 2017.

Topics: security awareness training, Healthcare

Building Powerful Security Awareness Training for the Healthcare Industry

Posted by Lindsey Havens on Jan 27, '17

Over the past couple of weeks, we’ve written a lot about the current state of security in the healthcare industry, and why things need to change.

We’ve also covered the main causes of healthcare data breaches, and noted that powerful security awareness training is the most natural starting point for security-conscious healthcare organizations.

But so far, we haven’t really covered what should be included in a healthcare-specific security awareness training program. After all, while some aspects of security are relevant to every industry, healthcare organizations are faced with a few highly specific problems that need to be addressed.

Before we consider what should be included, though, it’s worth looking at things from another perspective.

Topics: Phishing, security awareness training, EDT, Healthcare

Exploiting Weakness: Why Healthcare is an Obvious Ransomware Target

Posted by Lindsey Havens on Jan 24, '17

 

Since the start of 2015, healthcare has been hit with more ransomware than any other industry.

Headlines abound with tales of healthcare organizations declaring states of emergency, turning away patients, and often opting to pay ransoms just to end their nightmare.

Topics: Ransomware, Healthcare

Anatomy of a Healthcare Data Breach

Posted by Lindsey Havens on Jan 19, '17

Healthcare data breaches are becoming an almost daily occurrence.

Last year, the volume and scale of healthcare data breaches increased more than ever before. In August of 2016, Advocate Health Care, a network of 12 hospitals and over 200 other treatment centers, was hit with a $5.5 million settlement over a series of three data breaches back in 2013.

So what’s going wrong? If you’ve been following this series so far, you’ll know an unprecedented number of threat actors are now targeting the healthcare industry… but how are all these breaches actually happening?

Topics: security awareness training, EDT, Healthcare

Evaluating Maturity: The State of Healthcare Security

Posted by Lindsey Havens on Jan 18, '17

On April 8th, 2014, the FBI issued a warning to the healthcare industry.

The two-page report informed providers that healthcare data was far more valuable than credit card data or social security numbers, because it could be used for identity theft. To further accentuate the need for security investment, the report continued:

"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely."

Topics: Security, Healthcare

The Uphill Battle of the Healthcare CISO

Posted by Lindsey Havens on Jan 12, '17

Let’s face it, being a healthcare CISO isn’t an easy job. The environments are complex, the staff are almost exclusively non-technical, and as of 2015 healthcare is officially the most attacked industry.

But what is it about healthcare that makes it so uniquely difficult to secure? If gambling websites and financial institutions can (for the most part) avoid major breaches, why can’t hospitals and private clinics?

Topics: Phishing, security awareness training, Healthcare

The Top 9 Reasons Healthcare Organizations are a Hacker’s Best Friend

Posted by Lindsey Havens on Jan 10, '17

In recent years, healthcare organizations have been attacked with more frequency, velocity, and fervor than any other industry. IBM dubbed 2015 “the year of the healthcare breach” in their 2016 Cyber Security Intelligence Index, and if recent headlines are anything to go by, 2016 wasn’t much better.

But why are healthcare organizations targeted so consistently? On the surface, gambling sites and financial institutions would seem like better targets, so what is it about healthcare organizations that threat actors find so tempting?

In the end, it all comes down to one factor: Money.

Topics: Data Breach, Ransomware, Security, Healthcare

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
