Guides & Whitepapers

With a countless number of reported ransomware attacks every month, it seems like the cybersecurity industry is losing its battle with cyber-criminals...

Most healthcare providers know that phishing, ransomware, social engineering, and malware are risks to patient data, but what they don’t know is that a majority of these threats begin with third-party vendor vulnerabilities.

Ever since the SolarWinds hack in 2020, more businesses are aware of the risks third parties bring into their own enterprise environment.

A recent US Cybersecurity and Infrastructure Security Agency (CISA) survey showed that eight out of ten organizations reported at least one person within their business fell victim to a phishing attack. CISA performed its own penetration test on organizations willing to be tested, and the results confirmed that most businesses are vulnerable to cyber-criminals using social engineering and phishing methods.

Email protocols and the system that allows us to communicate with electronic messaging have been around for decades. The original system built in the 1970s wasn’t created with spoofing and phishing in mind. Weak communication protocols between sender and receiver have led to numerous critical data breaches from email-based attacks. The success of attacks stems from the way email protocols work, but businesses can protect themselves using DMARC policies set up as DNS entries.

Recently, it seems like hospitals and healthcare providers suffer from a data breach every month, many of them due to third-party vendor vulnerabilities. The healthcare industry suffered from another data breach on March 14 when a third-party vendor responsible for managed care administration announced that a hacker stole more than 4.2 million patient records, the biggest breach of 2023 at that time.

In October 2022, Medibank administrators became aware of suspicious activity on the corporate network environment. Investigations took place, and the initial investigation found that the suspicious traffic was from an external threat including ransomware.

If you have ever shopped for cybersecurity insurance, you know that insurance costs depend on a number of factors including the size of your business, number of employees, your industry, and the type of data stored. Another perhaps more significant factor is your current cybersecurity posture, an increasingly objective measure of your susceptibility to malware, phishing, social engineering, or service interruption.

According to the US Department of Health and Human Services, cyber criminals unleash 4,000 ransomware attacks daily. Many of these threats target healthcare organizations where they have few staff to mitigate, contain, eradicate and investigate attacks. Ransomware is the most common method by which these devastating cyber attacks are carried out, leaving healthcare organizations with few options, often leading to negative impacts on productivity and revenue.