- This topic has 5 replies, 6 voices, and was last updated 1 year, 6 months ago by Saranath.
-
2022-09-19 at 5:08 am #38150 Kawin Wongthamarin (Participant)
1. Provide a brief description of the story.
A healthcare phishing scam exposed the protected health information (PHI) of 12,000 patients in Utah. A Revere Health employee clicked on a link in the phishing email that subsequently compromised their email account. The hacker used the employee’s credentials to remotely log in and view medical record numbers, patient names, birthdates, procedures, provider names, and appointment details. As a result of the incident, Revere Health updated its security awareness training and suspicious activity detection protocols, along with expediting the implementation of its two-factor authentication software. Revere Health also said that the health system regularly sends out simulated phishing emails to test workforce awareness.
2. What is/are the impact of this data breach? Consequences of the data breach.
Revere Health believes that the intent of this attack was to harvest login credentials from individuals in our organization and not to gather patient information. They think that the aim of the hacker is to attempt financial fraud against Revere Health, but luckily he didn’t succeed.
3. How did the data breach occur?
A Revere Health employee clicked on a link in the phishing email that subsequently compromised their email account.
The hacker used the employee’s credentials to remotely log in and view medical records.
4. What should be the main cause of the data breach?
The main reason is the lack of computer security literacy training for employees within the hospital.
5. How could you prevent this data breach attack?
As a result of the incident, Revere Health updated its security awareness training and suspicious activity detection protocols, along with expediting the implementation of its two-factor authentication software. Revere Health also said that the health system regularly sends out simulated phishing emails to test workforce awareness.
-
2022-09-19 at 9:17 am #38156 PREUT ASSAWAWORRARIT (Participant)
Thank you for your interesting issue regarding phishing e-mail.
In addition to training employees to be highly suspicious before clicking on the link in an e-mail, development of sophisticated e-mail software to detect the unknown sender is another possible method. For example, Gmail can detect some strange e-mails and put them in the junk box. This will lead users to have higher awareness before clicking on the link.
Thank you.
-
2022-09-19 at 3:59 pm #38163 ABDILLAH FARKHAN (Participant)
Such a good idea. One of the keys to successful prevention of phishing attacks starts with human resources. I agree with your mention of awareness training and simulation, as in some cases phishing requires the user’s action through the email. Specifically, training should cover how to verify the exact sender’s mailing address and recognize it early, before the employee continues to click on the button.
If I may add, I would like to support an important note: it is crucial for Revere Health not only to set up the IT policy but also to socialize cyberattack safeguarding. Creating an internal task force team that may perform a quick response to any indicated phishing attack would be helpful.
Best.
-
2022-09-21 at 7:02 am #38215 Kansiri Apinantanakul (Participant)
I agree with you that data security literacy training is important for phishing.
I would like to add that regular corporate email communication for phishing warnings might be one of the ways to refresh their knowledge and warn them of the threat they are currently facing.
-
2022-09-24 at 4:42 pm #38312 Hazem Abouelfetouh (Participant)
Thank you, Kawin, for sharing. I believe all companies should implement practical training on phishing. For example, I worked in a company where the security system team was sending phishing emails from time to time to all employees to test their awareness and give them a credit if they reported the suspicious email.
-
2022-09-24 at 5:15 pm #38319 Saranath (Keymaster)
Thanks for the discussion. I like the idea of mock-up training and continuous communication with the users to raise awareness of phishing.