Wednesday, April 27, 2016

Errant clicks on phishing email led to violation, hospital exec claims

Even healthcare organizations that make a conscientious effort to comply with HIPAA and continually improve their data security posture can find themselves victimized by cyber attacks.


That lesson was learned the hard way by Wyoming Medical Center, which recently reported a breach that occurred in late February. The Casper-based organization said the identities of nearly 3,200 patients were briefly exposed after an email phishing attack tricked two employees into divulging their network credentials.


The organization held company-wide training last year, including sessions on how to recognize and ignore phishing emails, says Matt Fredericksen, chief compliance and privacy officer.


Additionally, Wyoming Medical regularly sends educational email blasts on phishing and launched mock phishing attacks against its workforce four times between last August and February. Employees who failed a mock phishing attack by clicking on a suspicious link were immediately taken to a training page for re-education. Those efforts were working, and the failure rate during the mock phishing attacks was falling, Fredricksen says.


But it only takes one worker, or two in Wyoming Medical’s case, failing to spot a phishing attack before an organization finds itself on the government’s “Wall of Shame” list of major breaches.
