View all articles

Phishing breach give attackers access to 25,000 patients at Saint Agnes health Care inc


The Baltimore health system breach is, unfortunately, just one of many recent high-profile attacks that continue to show an upward trend in attackers using phishing attacks to exploit poor employee security behaviour that bypass technical controls upon which organisations continue to place a huge over-reliance.

Whilst Saint Agnes should be commended on the transparency with which it has disclosed the breach, the health services' approach to preventing further attacks looks to be heading in the direction of working with their email provider to employ more technical controls - rather than approaching the root problem which is employee security behaviour.

Time and time again we see firms look to technical controls to fix the phishing problem, only to then find phishing attacks are still effective despite these additional controls. A well-crafted & targeted email, sent from a 'clean' mail server will almost always get through spam and anti-phishing filters; at which point it's down to employees to identify and report the attack.

Organisations need to understand that a multi-layered approach to security is needed to reduce the risk from attacks targeting employees. Technical controls, employee security behaviour programmes and robust incident response processes all need to be implemented. In doing so, the number of threats facing employees will be minimised, and the majority that do make it through traditional defences will be detected, reported and handled effectively.

The Baltimore phishing example demonstrates how an unaware and unsecure workforce can cause a serious security breach but how secure are your employees? Find out today by booking a free phish’d assessment that will help outline where your weaknesses are.