Skip to main content
Phishing

Phishing Attacks Targeting Healthcare Organizations: Social Engineering News

By September 26, 2023No Comments

At an average cost of USD 10.93 million, healthcare has the highest data breach costs of all industries. Healthcare organizations are now reporting data breaches at a rate of around two per day. In contrast, just four years ago they were reporting data breaches at half that rate. How are cyber threat actors gaining access? The Health Sector Cybersecurity Center has named phishing as a leading cause in these data breaches. Indeed, phishing attacks often give threat actors the entry point they need to steal credentials allowing them to access accounts holding sensitive data. With this in mind, let’s look at two notable phishing attacks that targeted healthcare organizations this year.

Phishing attack leads to data breach affecting 168,000 patients at Henry Ford Health

Henry Ford Health notified 168,000 patients that an unauthorized individual gained access to employee email accounts that held protected health information (PHI). A spokesperson for Henry Ford Health said the unauthorized access occurred after employees responded to phishing emails. A review of the email accounts confirmed that they held the following patient information: name, date of birth, age, gender, telephone number, medical record number/ internal tracking number, lab results, procedure type, diagnosis, and date(s) of service.

Phishing attack targets Highmark Health affecting 275,000 individuals

A Highmark Health employee disclosed their credentials to an unauthorized individual after clicking a malicious link in a phishing email. The unauthorized third party was then able to access the employee’s email account remotely, potentially viewing and exfiltrating emails and attachments. A review of the emails and attachments revealed they held the PHI of health plan members.

Test. Educate. Protect. – Social-Engineer’s Managed Phishing Service

The financial cost, legal ramifications, and reputational damage, resulting from a data breach can be devastating. As we’ve seen, threat actors are using phishing, a social engineering tactic, as an entry point to steal credentials giving them access to accounts holding sensitive data. In view of this, security awareness training should teach your workforce to recognize and report potential phishing emails. At Social-Engineer we focus on human-to-human social engineering.  Our fully managed phishing service deploys Human Risk Analysts who are professionally trained and certified social engineers. With our managed phishing service, you’ll receive our expert analysis. Let the experts at Social-Engineer enhance your security awareness program. Please contact us today for a consultation.

You May Also Like

Vishing Attacks Targeting Healthcare Organizations.
SMiShing Attacks Target the Healthcare Sector

Tags:

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now