You Can Lose More Than Money in a Phishing Attack
Quick Answer
Phishing exposure is no longer just financial. Recent breaches read like a healthcare casualty list: 12,000 patient records exposed at Baystate Medical Center, 1,800 patients hit through three compromised UC Davis physician accounts, and 30,000 Florida Medicaid recipients exposed in a single phishing incident. The escalation that matters is from exposure to manipulation: Security Week reported research demonstrating attackers can modify 3D medical scans to add or remove evidence of cancer, aneurysms, heart disease, blood clots, infections, arthritis, torn ligaments, and tumors, which means the next phishing-driven breach in healthcare can change diagnoses rather than just leak them. The control set is the same as every other industry (cloud-based phishing protection with real-time link click inspection and Advanced Threat Defense), but the stakes for healthcare are now patient safety, not just record privacy.
You can lose a lot of things if you get successfully phished: money, credentials, personal information, productivity, reputation, to name a few. Do you know what else you can lose? Your life!
It’s been all over the news lately that successful phishing attacks have led to patient’s medical records being exposed. There was a breach at Baystate Medical Center that impacted 12,000 patients. There were three physicians at UC Davis that got hit in a phishing scam affecting 1,800 patients. And there were the 30,000 Medicaid recipients who had their data exposed in Florida due to a phishing attack. The list goes on.
Having patient medical records exposed in a phishing scam is becoming so common place we’re starting to tune it out. After all, who cares if someone can see my medical record? I’ve got nothing to hide.
Let’s face it, exposure of medical records isn’t the same as access to medical records. It’s one thing for someone to see your medical record, it’s another for them to be able to actually change it. And to some degree, that’s true.
I suppose the real wakeup call will come on the day a phishing attack gives hackers the opportunity to change medical records, which has the potential to put someone’s life at risk. Unfortunately, that day is here.
As if from a scene right out of the movie The Net, starring Sandra Bullock, Hackers Can Add, Remove Cancer From CT Scans. According to the article on Security Week website, “A team of researchers has demonstrated that hackers can modify 3D medical scans to add or remove evidence of a serious illness, such as cancer.”
The article further adds, “that the method can be used to add or remove evidence of various illnesses, including aneurysms, heart disease, blood clots, infections, arthritis, cartilage problems, torn ligaments, and tumours in the brain, heart or spine.” Yeah, it can be used to kill you.
It’s just a matter of time before we hear about the first phishing-related murder or suicide. It’s inevitable. Or is it?
If losing money won’t motivate you to invest in phishing prevention technology with Advanced Threat Defense, maybe losing your life will. When you’re ready to invest in the most affordable medical insurance available, head on over to DuoCircle and get true real-time phishing protection. Don’t let the hackers win.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.