The PhishLabs Blog

Healthcare Security Awareness Training: Don't Fear Failure, Learn From It

Posted by Dane Boyd on Jun 23, '17

The past few years have seen an explosion of cyber attack activity in the healthcare industry.

But that shouldn’t come as a surprise. Healthcare records are a goldmine for enterprising hackers, and with low security budgets across the industry it’s no wonder that healthcare organizations are considered a soft target.

A cursory glance at the industry’s security profile tells us everything we need to know. There are weaknesses everywhere, and hackers all over the world know it.

Incredibly, from a single successful healthcare breach, a hacker stands to earn anything from $285,000 to $1.7 million.

Read More

Topics: security awareness training, Healthcare

Why Your Security Awareness Training Isn't Working and What to Do Instead

Posted by Dane Boyd on Jun 22, '17

At this point, everybody knows phishing is a threat.

But then, it’s difficult to deny. As Verizon points out, over 90 percent of data breaches include a phishing or social engineering component, including many of the high profile breaches we all read about each week.

In fact, from a security perspective, phishing is the single greatest threat to most organizations, whether they’re tiny family owned businesses or huge multinational conglomerates.

So what are most organizations doing to defend against phishing?

Read More

Topics: security awareness training

Coming Soon - Healthcare Security Awareness Training, the 2017 Buyer’s Guide

Posted by Lindsey Havens on Jun 2, '17

Historically, security awareness training (SAT) in the healthcare industry… isn’t great. In fact, if you start talking about SAT to a healthcare CISO, you can see the frustration on their face almost immediately.

Back in February we attended HIMSS, one of the biggest healthcare IT shows in the US. We wanted to find out exactly what healthcare providers needed from a SAT program, and show them that (done properly) SAT can have a tremendous positive effect on the operational security of healthcare organizations.

Read More

Topics: security awareness training

7 Things the Healthcare Industry Needs from Security Awareness Training: HIMSS Feedback

Posted by Lindsey Havens on Mar 30, '17

Mention security awareness training in a healthcare setting and stress levels start to rise.

But it doesn’t have to be that way.

Last month we attended HIMSS, one of the largest healthcare specific IT conferences in the US. We wanted to show healthcare providers that security awareness training doesn’t have to be a huge burden, and that (done well) it can have a profound impact on a healthcare organization’s security profile.

But to do that, we needed to have frank conversations with as many healthcare providers as possible. We needed to find out what healthcare security professionals require from their security awareness training in terms of structure, content, and results.

And that’s exactly what we did.

Read More

Topics: security awareness training

The Phishing Email that Fooled Thousands of Trained Users

Posted by Dane Boyd on Mar 9, '17

It’s a sobering moment.

You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results.

But then it happens.

Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it.

Read More

Topics: security awareness training

How To Avoid Becoming the Next Big Phishing Headline

Posted by Lindsey Havens on Feb 10, '17

After years of research, analysis, and first-hand experience, here's what we’ve learned:

Phishing is a big deal.

Last month we held a webinar, with the aim of helping organizations to fight back against phishing. Hosted by Crane Hassold, our Senior Security Threat Researcher & former FBI analyst, and Dane Boyd, our Lead Solution Manager, this was one of the most comprehensive and entertaining webinars that we have hosted on phishing and security awareness training.

In this article we’ll give you the highlights of the webinar, and help you understand why and how your organization should combat phishing attacks.

Read More

Topics: Phishing, security awareness training, EDT

How To Be HIPAA Compliant (And Why It’s Not Enough)

Posted by Lindsey Havens on Feb 2, '17

The healthcare industry, like most others, is obsessed with compliance.

And that makes sense. After all, fines for HIPAA non-compliance are at an all time high, so who wouldn’t make it a top priority?

But as we already know, compliance doesn’t equal security. Thousands of HIPAA compliant healthcare organizations are breached every year, and unless the framework is dramatically tightened in the near future the same will be true in 2017.

Read More

Topics: security awareness training, Healthcare

Building Powerful Security Awareness Training for the Healthcare Industry

Posted by Lindsey Havens on Jan 27, '17

Over the past couple of weeks, we’ve written a lot about the current state of security in the healthcare industry, and why things need to change.

We’ve also covered the main causes of healthcare data breaches, and noted that powerful security awareness training is the most natural starting point for security-conscious healthcare organizations.

But so far, we haven’t really covered what should be included in a healthcare specific security awareness training program. After all, while some aspects of security are relevant to every industry, healthcare organizations are faced with a few highly specific problems that need to be addressed.

Before we consider what should be included, though, it’s worth looking at things from another perspective.

Read More

Topics: Phishing, security awareness training, EDT, Healthcare

Anatomy of a Healthcare Data Breach

Posted by Lindsey Havens on Jan 19, '17

Healthcare data breaches are becoming an almost daily occurrence.

Last year, the volume and scale of healthcare data breaches increased more than ever before. In August of 2016, Advocate Health Care, a network of 12 hospitals and over 200 other treatment centers, was hit with a $5.5 million settlement over a series of three data breaches back in 2013.

So what’s going wrong? If you’ve been following this series so far, you’ll know an unprecedented number of threat actors are now targeting the healthcare industry… but how are all these breaches actually happening?

Read More

Topics: security awareness training, EDT, Healthcare

The Uphill Battle of the Healthcare CISO

Posted by Lindsey Havens on Jan 12, '17

Let’s face it, being a healthcare CISO isn’t an easy job. The environments are complex, the staff are almost exclusively non-technical, and as of 2015 healthcare is officially the most attacked industry.

But what is it about healthcare that makes it so uniquely difficult to secure? If gambling websites and financial institutions can (for the most part) avoid major breaches, why can’t hospitals and private clinics?

Read More

Topics: Phishing, security awareness training, Healthcare

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
