Falling victim to an email threat can result in detrimental and serious consequences, including direct financial loss through stolen funds, loss of intellectual property, compromising patient and organizational data as well as the possibility of HIPAA compliant violations and fines from the Office of Civil Rights (OCR).
Cybercriminals and fraudsters use social engineering attacks with the goal of obtaining valuable data and funds from companies and individuals. These complex and strategic attacks are developed through gathering information around user behaviors and communication habits and trends, causing a victim to take an action that is not in their best interest. Below learn more about some common attacks commonly used against healthcare organizations.
The most commonly known cyberattack, a phishing attack is used when an email is sent from a reputable or otherwise considered legitimate sender in order to receive passwords, data or funds, or even delivering and installing ransomware. This ransomeware is often disguised as a link or download that will compromise your system upon clicking or download.
Ransomware is a malicious software or virus used by cybercriminals to access a victim’s device or network, often blocking the victim from accessing or threatening to share the victims data in exchange for a ransom.
The type of cyberattack that attempts to steal confidential data through hacking an email under the guise of a familiar or trusted source to a specific individual or department within an organization. For example, if an employee were to receive an email for an employee from another department or location containing a file or link.
Business Email Compromise
This is one method that requires a strategic approach based on a company’s spending patterns and is more focused on direct financial gain. Cyber criminals target organizations who often engage in wire transfers of funds. The attacker will send an email impersonating the CEO or another member of the organizations C-suite or financial officer, often requesting funds be transferred to an account. For example, a hacker may use an compromised employee’s email address to request a wired payment for an invoice from a vendor that is listed as a contact in the email account.
Learn more about these threats and how to protect your organization in our blog series, discussing how to help your employees identify and avoid cyberattacks.