Updated 3:36 PM CDT, Wed September 1, 2021
Orlando Family Physicians LLC experienced a breach in the form of a phishing attack when a user gained access to the company network system. According to the HIPAA Journal, the information of 447,426 patients of Orlando Family Physicians in Florida was recently accessed by an unauthorized individual. The email accounts contained the personal and protected health information (PHI) of all the patients and employees. The leaked PHI included patient names, medications, health insurance, and even passport numbers, to name a few. This cost Orlando Family Physicians an estimated $5,747,734, according to eRiskHub.
How this could have been prevented
Phishing attacks can be devastating to an organization because many email systems have a hard time preventing them from coming in. They arrive in many different formats and from many different email addresses. The main source of prevention is end user education. Phishing breaches are so successful because they rely on the end user clicking on an email that looks legitimate. That is why training is so important for these types of attacks. This could have been prevented if the end user knew three basic self-check tips for looking at any email with a hyperlink.
- Our first tip would be to always check the reply email address to make sure it matches who the sender should be, and which company they should be sending from. For example, if an email is supposed to be from John Smith with ABC Company, John’s email would probably look something like this: [email protected]. Instead, a common phishing email address might look like this: [email protected]. It is most important to verify in your email address book if John Smith has emailed you before.
- The second tip would be to hover your mouse over the hyperlink to show where it will take you when you click on it. If it says it’s going to take you to abccompany.com in the URL, then it could be legitimate.
- Lastly, you can always call John Smith and ask if he sent the email. That decreases the chances of the email being a phishing attempt.
Other ways to prevent phishing attacks include adding security software in the organization. Our first recommendation is to add the Cisco Umbrella option to your network. With it, you can prevent a user from opening links that point to domains or websites less than 30 days old. Malicious links have a much higher chance of pointing to newly registered domains or websites. Cisco Umbrella and Phishing Simulation Training can greatly reduce the chances of a phishing attack.
VGM Forbin would be happy to consult with you on security software and other cyber security needs for your business. Let us know if you'd like to schedule a free consultation today!