healthcare patient portal phishing

by Jermaine Buckridge 9 min read

Beware of Health Care Email Phishing Scam | …

20 hours ago Jan 14, 2016 · It could take you to a malicious website intended to gain access to personal information, like your username, password, Social Security Number, or bank account numbers. If you get this phishing email or any email you aren’t sure is legitimate, delete it immediately or ignore it. All official Marketplace emails are from Marketplace@HealthCare.gov. >> Go To The Portal


Is there a phishing email from healthcare?

Jan 14, 2016 · It could take you to a malicious website intended to gain access to personal information, like your username, password, Social Security Number, or bank account numbers. If you get this phishing email or any email you aren’t sure is legitimate, delete it immediately or ignore it. All official Marketplace emails are from Marketplace@HealthCare.gov.

What if I’m having issues logging into my Patient Portal?

Jan 20, 2022 · Massachusetts-based Signature Healthcare has recently announced a data breach that has affected 9,798 Brockton Hospital patients. Suspicious activity was detected in its email environment on November 4, 2021, with the investigation confirming the email accounts of several clinicians had been accessed by unauthorized individuals from October 16 ...

How do I get to the healthcare website?

Aug 20, 2019 · Healthcare phishing attacks are increasing disruption and financial loss for organizations and patients 74% of healthcare institutions experienced a security incident last year; More than 30 million patient records compromised thus far in 2019. by Miranda Nolan Aug 20, 2019 Data breaches in the healthcare sector are skyrocketing.

How do I get to my Patient Portal?

Sep 15, 2021 · Cape Cod Healthcare (CCHC) will never request an online visitor to provide personal health or financial information by email. Please notify the Cape Cod Healthcare Compliance Hotline 800-892-9205 immediately if you receive an email claiming to be from CCHC or its MyChart patient portal requesting personal health or financial information.

image

What is water nue?

An alert was recently issued by Trend Micro concerning a series of Business Email Compromise (BEC) campaigns they have dubbed “Water Nue.” These campaigns use phishing tactics sent via email from legitimate Office 365 accounts that have been hijacked by using an exploit to bypass multi-factor authentication (MFA). The emails mostly target financial executives and senior leaders in a company or organization, making it seem as if a file has been shared with them. Once they click on the link in the email, they are sent to a spoofed Office 365 login page. Once users log into this page, their credentials are stolen.

When was the emotet botnet first detected?

A lot of these recent phishing campaigns are likely being deployed by the infamous Emotet botnet that was first detected back in 2014. A botnet is an internet-connected network made up of infected computers that can be used to deliver various forms of attacks.

What is a RAT malware?

The Cybersecurity and Infrastructure Security Agency (CISA) recently released its own alert on another phishing campaign, this one deploying a remote access trojan (RAT) malware called KONNI. These campaigns, believed to be the work of a North Korean hacking group called APT37, deliver malware by first sending out targeted spear-phishing emails with a Microsoft Word document attached. Contained within the document is malicious code that, once the attachment is opened or downloaded, makes it possible for hackers to steal data, capture keystrokes, launch further malicious code and wreak all sorts of assorted havoc (there are multiple versions of this malware that carry out different destructive functions).

What is a joint federal alert?

A joint federal alert warns that all entities should be on the alert for a newly observed spear-phishing campaign, leveraging malicious emails to deliver the TrickBot malware payload. Healthcare administrators should review the...

How much did cybercrime cost in 2020?

The latest FBI IC3 Internet Crime Report shows that cybercrime cost individuals and US businesses about $4.2 billion in losses in 2020, up 69 percent from $3.5 billion in 2019. Phishing, non-payment scams, and extortion were the biggest...

When was Five Rivers breached?

June 11, 2021 - Ohio-based Five Rivers Health Centers recently notified 155,748 patients that their personally identifiable and health information was breached after a two-month long email compromise last year, stemming from a phishing attack. The impacted email accounts were subjected to unauthorized access from April 1, 2020 and June 2, 2020. The notice does not explain when the unauthorized access...

Is the US being targeted by phishing?

Senior medical research personnel in the US and Israel are being targeted by a credential phishing campaign launched by a nation-state hacking group with ties to Iran, according to a new Proofpoint report. Proofpoint observed the hacking...

What percentage of phishing attacks are malware?

The number of phishing campaigns delivering malware has drastically decreased in recent years, with just 12 percent of phishing deploying malware. On the other hand, 57 percent of all phishing attacks were designed for credential...

How much money was lost in cybercrime in 2020?

FBI: $4.2B Lost to Cybercrime in 2020, Led By Phishing, BEC, Extortion. The latest FBI IC3 Internet Crime Report shows that cybercrime cost individuals and US businesses about $4.2 billion in losses in 2020, up 69 percent from $3.5 billion in 2019. Phishing, non-payment scams, and extortion were the biggest...

When will the US be targeted by credential phishing?

March 31, 2021 by Jessica Davis. Senior medical research personnel in the US and Israel are being targeted by a credential phishing campaign launched by a nation-state hacking group with ties to Iran, according to a new Proofpoint report. Proofpoint observed the hacking...

Is cybersecurity important for healthcare?

With remote care, connected devices, and more efficient use of data digitizing healthcare delivery, cybersecurity has never been more vital for providers. Despite the benefits to patient care, however, there are some major weak spots that still remain for providers.

Is patient portal a threat?

After phishing, our Healthcare Cybersecurity Threat Index found that patient portals were the second biggest worry patients have about their providers' cybersecurity. Unfortunately, this is a valid concern. Patient portals contain electronically protected health information (ePHI), which means that—under the HIPAA Security Rule—organizations using or associating with this data are required by law to develop systems to protect it. Unfortunately, these protections can and do fail, exposing vast numbers of patients to data breaches.

Dive Brief

Presbyterian Healthcare Services is notifying 183,000 patients and health plan members that some of their protected health information has been exposed in a phishing attack on the email accounts of several employees, according to a press release from the New Mexico-based integrated health network.

Dive Insight

Data breaches are an ongoing problem for the healthcare sector, which led all industries in cybersecurity breaches in 2018, or 25% of more than 750 incidents, according a report from BakerHostetler.

Recommended Reading

As tech and data sharing become more pervasive, healthcare will likely pivot to being more predictive, and telehealth will evolve, giving rise to new modalities of care. This will force companies to invest more in cybersecurity.

image