2019-10-21 at 2:16 pm #14979adminKeymaster
Please read your friend’s report and provide comments on “Are there any other preventive measures to avoid the attack?”.
Case study 2 : Two phishing attacks on Minnesota DHS breach 21,000 patient records (https://www.healthcareitnews.com/news/two-phishing-attacks-minnesota-dhs-breach-21000-patient-records)
- Provide a brief description of the story.
At the Minnesota Department of Human Services, the two separate employee email accounts were compromised by the hacker, the first time was on June 28, 2018. At June 9, the cyberattacks came back again; however, the IT department did not know the situation until August. As a consequence of this, around 21,000 patient records were breached, and it was doubtful whether the emails were accessed or copied.
2. What is/are the impact of this data breach? Consequences of the data breach.
- The main impact that should be concerned is about the patients’ information. The report showed that the hacked emails contained names, addresses, phone numbers, Social Security numbers, employment information, and other personal data of the patients. If hackers can copy or access, they can sell the data or result in identity theft for commercial purposes. They can also use the data to attack each patient directly, for example, they may pretend to be a family member for asking for money.
- The impacted patients had interacted with the State Medical Review Team and the DHS Direct Care and Treatment facilities; therefore, these two institutes may be not credible for the
- Other health care employees may have also been targeted by the phishing campaigns, so they could not confirm that the other patient data will be safe.
3. How did the data breach occur?
From the story, it can be estimated that one of the employees click a link from the phishing email. This fake email may be almost identical to one they trust that is from: bank, workplace, government agency, or advertisement email. So, this can lead to the revealing of the patients’ data contained in the email.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
The main cause of the data breach may be the email phishing that is about the cyberattacks contact the targets using email, telephone, website, or even text message. They implementation is to pretend to be a legitimate institution or the people for luring the target into providing sensitive data, for example in this case, the hacked email contain patient personal information: names, addresses, phone numbers, Social Security numbers, employment information and other personal data.
The usual characteristic of the phishing emails:
- The sender
- uses unusual email
- doesn’t have a business relationship with the target
- the sender email address is from a suspicious domain.
- The email receiver
- there are many unusual mixes of receivers or cc person
- The email contains hyperlink, which is seemed to have wrong spelling, or attached a different website.
- In commonly, the content will have bad grammar, spelling errors, attraction massages (avoid a negative consequence, gain something of value), for example.
5. How could you prevent this data breach attack?
The key of successful hacking is a human error. To prevent this issue, colleagues must have an awareness of phishing email. The Protection for personal information against fraud emails must have the knowledge of how or what is hacker do.
There are many things for raising the awareness of phishing email, the first thing which colleagues must have is not reliable to all emails. Colleagues must not open the suspicious email. Trusting may have caused the serious problems.
Most of phishing emails contain a fraud link or URL, so the colleagues do not open them directly without checking or scan for viruses. Although they are not opening by themselves, sometimes the link or automatically opened by itself. This issue can be solved by setting the web browser allows only reliable sources.
If phishing emails require for user information such as password, bank account number, financial data or even I.D. Numbers which is an unusual event.
2019-10-21 at 4:00 pm #14999anothailand (OHN)Participant
Are there any other preventive measures to avoid the attack?
I think that the way to prevent impact from phishing attack can be classify in 3 stage such as these:
Stage 1) The employee has received the phishing email.
I think training and instruction on phishing attack can prevent attack at this stage, as you mentioned above, but if they already fell for that, there must be second or third chance to prevent further impact and consequence in Stage 2 and 3.
Stage 2) The employee’s email account was compromised.
At this stage if the email was compromised, the monitoring of email activity can early detection of abnormal email activities by the hacker, and then get email account secure before the data breech was taken. Moreover, If the email account required to change password regularly every three month, the time period for the email account to be compromised will be shorter.
Stage 3) The personal data of the patients was access or copied.
If the patient data was contain in email, even the hackers can access the email, they cannot get access to the patient data if the data file was encrypted or required password login that was different from the email password. Moreover restriction of the email user that can send or receive patient data to be few as possible, so as to minimize number of vulnerable email account that hacker can access the patient data.
2019-10-22 at 1:34 pm #15028ChalermphonParticipant
Employees are the weakest links to accessed something or open some email or used other software. I think Train employees of cyber security and design and develop methods to protect the system .
2019-10-22 at 4:06 pm #15040Pyae Phyo AungParticipant
There are ways to protect phishing attacks.
-Important things is security awareness of employee. Provide regular training.
-If you had an IT department or IT technician, request to filter email from other domains. Make sure every mail is encrypted (end to end encryption).
-Install extra security add-on (phish Alert) on your email application or browser.
-Do not open the mail or its attachment from unexpected email.
2019-10-23 at 3:13 am #15046tullaya.sitaParticipant
I do agree with Penpitcha, human error is the key successful of hacker. One more thing that I think it should be another measure to prevent the attack is security safeguard of the system should be checked for the vulnerability points more frequently, as in this story systems found that they were hacked around 2 months after events.
2019-10-23 at 4:50 pm #15061AmeenParticipant
Apart from catching up with all employees on how to handle incoming emails, I think setting a system to help filter phishing email is helpful, not only in terms of security but also of cost-effectiveness and working-efficiency. Imagine an organization or a business function that has to handle hundreds of emails a day. Checking of email if it’s phishing can take like, for example, 30 seconds per email, in total it will take 50 minutes or roughly an hour a day per individual employee. If an organization has 10 staff handling emails, in overall the organization has to spend 10 hours/day to do it manually. Let’s calculate into operational al cost and working efficiency!(continued in Phishing attacks (Anothai))
- This reply was modified 3 years, 11 months ago by Ameen.
2019-10-23 at 11:23 pm #15076w.thanacholParticipant
I agree with Mvidhyagorn that the company should set the phishing email preventing system. In that system, the company should have a suspicious email reporting system so the system can learn a new phishing email source and prevent it in a timely manner. The organization should promote the cybersecurity policy and strengthening the user’s knowledge regularly.
You must be logged in to reply to this topic. Login here