US Hospitals Have Increased Email Security Against CEO Fraud
Orhan Sari
Email Security Against CEO Fraud – Following the latest ransomware warnings from federal agencies, some Massachusetts healthcare institutions have strengthened their email security mechanisms. Filtering of external emails has been accelerated, or such emails have been temporarily blocked completely.
1. Why Did Hospitals Increase Email Security with Extra Precautions?
Some hospitals in Massachusetts have been targeted by a spear-phishing attack (targeted phishing) claiming to be the US Department of Health and Human Services, seeking information on COVID-19 statistics and targeting top executives.
According to a report in the Boston Business Journal, many health institutions in the USA received warnings from the Department of Cyber Security and Infrastructure Security about increased attacks on the US health sector.
Kelvin Coleman, executive director of the National Cyber Security Alliance, said that cyber threats to the US healthcare system are not a long-standing problem, and these threats have undoubtedly worsened with the spread of the COVID-19 outbreak.
2. Why Are These Suggestions for Email Security Against CEO Fraud Important?
Emails from these attacks, which started long ago, could still be sitting in an employee’s inbox without the victim knowing about it. In addition, because the attacks were ongoing, the necessary measures had to be taken.
In response to messages and alerts from the FBI, hospitals have started work on increasing email security. According to the Boston Business Journal, UMass Memorial temporarily suspended all external emails after implementing protocols for clearing external emails.
Other hospitals have also tightened up the filtering of external emails. Some hospitals blocked external emails completely. For example, Holyoke Medical Center temporarily shut down its email system completely on Thursday, giving IT security teams time to scan for potentially dangerous add-ons.
Some of the hospitals started checking all the attachments one by one, searching through past emails. Although this process took some time and was tiring, hospitals wanted to make sure that their inboxes did not contain any malware.
With this checking process, they discovered attachments containing Ryuk ransomware in some phishing emails. Some emails contained Google Drive links and malicious links. These documents encouraged victims to download malware by opening and “activating” the documents.
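A retrospective sweep of stored mail like the one described above can be partly automated before the manual attachment review. The following is an added example, not code from the article or from any hospital's tooling; the internal domain, the list of risky extensions and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "hospital.example"        # assumption: placeholder for the hospital's domain
CLAIMED_ORG = "health and human services"   # identity the article says attackers claimed
CLAIMED_ORG_DOMAIN = "hhs.gov"              # that department's real mail domain
RISKY_EXT = (".doc", ".docm", ".xls", ".xlsm")  # assumption: macro-capable Office files
DRIVE_LINK = re.compile(r"https?://(?:drive|docs)\.google\.com/\S+", re.I)

def triage(raw: bytes) -> list[str]:
    """Return the reasons a stored message should go to manual review."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain == INTERNAL_DOMAIN:
        return []  # the sweep covers external mail only
    reasons = []
    genuine = domain == CLAIMED_ORG_DOMAIN or domain.endswith("." + CLAIMED_ORG_DOMAIN)
    if CLAIMED_ORG in name.lower() and not genuine:
        reasons.append("display-name-mismatch")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            reasons.append("attachment:" + fname)
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and DRIVE_LINK.search(body.get_content()):
        reasons.append("drive-link")
    return reasons

def sample(sender: str, body: str, attachment: str = "") -> bytes:
    """Build a constructed test message; nothing here is real mail."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "ceo@hospital.example", "COVID-19 statistics"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

SAMPLES = [  # constructed messages
    sample("US Department of Health and Human Services <stats@hhs-data.example>",
           "Please enable content in the attached form.", "covid_stats.docm"),
    sample("Records Team <records@partner.example>",
           "Form: https://drive.google.com/file/d/CONSTRUCTED/view"),
    sample("Nursing Office <nursing@hospital.example>", "Rota attached next week."),
    sample("US Department of Health and Human Services <press@hhs.gov>", "Weekly bulletin."),
]
if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

The From header is sender-controlled, so a production sweep should decide "external" and "genuine" from the mail gateway's authentication results rather than from the header alone.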
3. What Can Be Done to Ensure Email Security?
Ideally, sound prevention practices, combined with employee training, will protect organizations from most of these attacks. However, there are several ways hospitals can respond to a cyber crisis, including documentation, control, incident response, and data backup.
While there is no way to completely prevent the ransomware threat, organizations can stop ransomware attempts from affecting their business by implementing a multi-layered email security approach to block future threats.
4. Protect Your Enterprise Against Email Attacks with Free Email Security and Anti-phishing Solutions.
Keepnet Labs protects organizations throughout the lifecycle of email attacks.
Each module addresses a key stage in the email-attack lifecycle:
- When attackers are planning an attack, we provide Threat Intelligence. This is “compromised credentials” data related to your organisation and is an early warning that an attack could be planned.
- When the attacker launches an attack, we offer our Email-Threat-Simulator. This patent-pending simulation involves sending hundreds of malicious emails at a dedicated target inbox, testing your technical email defense perimeter for vulnerabilities. The results enable you to fix your defense before an attacker uses that method to successfully attack you.
- At the compromise phase, companies now rely on their users. Keepnet Labs provide Phishing Simulator and Awareness Educator to develop defense behaviours that will make a positive difference to your security posture. Not only do we have a very large library of content for both phishing scenarios and cyber awareness training (HTML, SCORM, video (MP4), games, slideshows and quizzes), we also offer third party content and the ability for you to upload your own. Phishing scenarios and training can be fully customised and branded to align to your business needs.
- Finally, at the compromise phase, data loss is inevitable, so to greatly reduce this risk and impact, Keepnet Labs provide automated Incident Responder. With one click from a user reporting a suspicious email, that email is automatically tested using many integrations and, if it’s malicious, all inboxes can be searched and the malicious email(s) can be removed automatically. The entire process is usually no more than 1-2 minutes and can be performed with virtually zero impact to production due to our patent pending techniques.