Phishing campaigns are one of the most prominent types of cyber attacks. They can be very simply crafted by attackers to cleverly fool individuals into clicking on malicious links/attachments to infect systems, or giving up their personal information. And unfortunately, they continue to be highly successful. There is a wide range of different types of phishing campaigns that have led to massive breaches within organizations. In yet another phishing incident, the Torrance Memorial Medical Center in Torrance, CA suffered a breach as a result.
Details of the Incident
On Monday, the medical center had started notifying a portion of patients that some of their email accounts had been breached. The accounts were said to have contained personal data and “work-related reports.” According to medical center spokesman Ed Finn, the initial attack had occurred on April 18th and 19th, and they had involved a third party forensic team to begin an investigation for the purpose of determining the extent of the incident. He also had stated, “The investigation determined that personal information for certain individuals was present in some impacted emails, but it remains unclear whether emails or attachments containing the information were accessed by an unauthorized person or persons.” The personal information contained within the email accounts included Social Security numbers, names, dates of birth, address details, medical record numbers, phone numbers, diagnostic information, and insurance data. Fortunately, Finn had also said that the memorial center does not have any evidence of misuse of the information at this time.
The hospital seems to be addressing the data breach quite well, as they are placing focus upon helping those affected. The letters that they mailed to the patients included offers of free identity theft protection and credit monitoring for one year. They have informed patients to keep a watchful eye on their reports for any suspicious activity. Far too many organizations tend to neglect those who are affected by a breach. Many will simply send some sort of canned apology to victims and then let them fend for themselves. But, when individual’s information is leaked as the result of faulty security on the part of any organization, that organization needs to take full responsibility for the incident. They need to ensure that those potentially affected are taken care of and protected against future misuse of their information. If they do not do this, it can result in heavy reputation and customer trust damage.
Protecting Systems and Networks with Anti-Phishing Solutions
As mentioned above, phishing is one of the most common forms of cyber attacks. It is important for organizations in this day and age to have proper anti-phishing solutions in place. And healthcare organizations like the above tend to be frequently targeted by these, and other types of attacks. There is a multitude of steps that need to be taken to prevent phishing attacks, such as comprehensive cyber security, and educating employees to identify the malicious campaigns. Then, there is also the matter of having a plan of action for the event of a successful attack. If this occurs, it requires the organization to be able to expel the threat, notify those affected, identify the immediate vulnerability, launch an investigation, and trace the source. If an organization cannot properly mitigate an attack through anti-phishing solutions, the resulting damage can be far worse. Massive Alliance’s anti-phishing solutions can allow an organization to prevent attacks, as well as thoroughly mitigate those that have occurred.