SMiShing Attacks Target the Healthcare Sector

October 24, 2023

In August 2023, the Office of Information Security and Health Sector Cybersecurity Coordination Center (HC3) issued a report warning hospitals about the rising threat of SMiShing attacks targeting the healthcare sector.

SMiShing: phishing via SMS (short message service) text message

Why is the healthcare sector experiencing an uptick in SMiShing attacks? The HC3 report notes that users are much more trusting of text messages. The report goes on to say that not as many people are aware of the dangers of clicking links in text messages. So SMiShing is often lucrative to attackers searching for credentials, banking information and confidential data. Criminals use psychological tactics in their text messages to gain access to hospital and healthcare IT (Information Technology) networks. The text messages will usually create a sense of urgency or fear. The HC3 report says to be on the lookout for the following types of text messages:

  • Deadlines and time-sensitive language
  • Scarcity
  • A quick fix

Screenshot: HC3 Multi-factor Authentication & Smishing Report, August 10, 2023

At an average cost of USD 10.93 million, healthcare has the highest data breach costs of all industries. What can the health sector do to protect itself? HC3 recommends that all health sector employees add MFA (Multifactor Authentication) to all devices. We agree that this is a vital security protocol to implement. But is there more that the health sector can do to protect itself from SMiShing attacks?

Social-Engineer’s Managed SMiShing Service

While MFA is a key step towards protection, SMiShing testing and education within the healthcare sector is vital. Why do we say that? Because MFA alone will not protect against the psychological tactics and social engineering techniques that criminals use in a SMiShing attack.

Test. Educate. Protect.

With our Managed SMiShing Service you’ll receive a fully managed program that measures and tracks how your employees respond to text-based phishing attacks on corporate-managed, SMS-capable devices. Your employees will learn what a SMiShing message looks like and how to report it safely. As a first step, we recommend updating your BYOD (Bring Your Own Device) policy and establishing a reporting process for employees to submit suspicious text messages for review by your security team. Once you are ready, we invite you to partner with us for testing and education that will help protect your employees against SMiShing attacks.
