Phishing strikes medical sector

Phishing strikes medical sector

Companies in all sectors must be aware of malicious attempts to break into computer systems. Healthcare, however, is a favorite target of attackers, as it contains a wealth of private, personally identifiable data. The ongoing risk of data loss has so far hamstrung efforts to bring medical entities fully into the era of digital data sharing. According to Healthcare IT News, a hacker recently gained brief access to a care provider's network through a phishing scam.

Phishing scheme leads to possible breach
The news provider reported that a malicious user was able to access the email account of a Cabinet for Health and Family Services employee for about 30 minutes. Fortunately, the databases that could have been accessed during the incident did not contain Social Security information. The source noted that experts believe the attacker's motive was probably connected to email spamming rather than data extraction. HIPAA rules, however, stipulate that even possible breaches must be followed by victim notifications.

IT security, no matter the type of company, can consist of several vital component parts. While firewalls and applications may have optimal protection, problems like phishing could persist. Companies could benefit from social engineering defenses and employee education to prevent attacks of a deceptive, rather than technical, nature. Faced with adequate digital defenses, hackers may turn to duplicity instead.

Employee danger
While careless or misguided actions by employees may cause danger to a company, there may be an even more pronounced threat - disgruntled or malicious members of the workforce. A Lieberman Software Corporation survey found 11 percent of IT professionals are willing to steal confidential information if laid off. Security systems can protect companies from both the accidental danger brought on by workers and the possible ill will of employees. Assuming the only risks come from outside could be a key safety oversight.