![]() ![]() ![]() Specific details of the methods and detailed findings of potential vulnerabilities are not provided for obvious reasons, but an overview of the strategy used is provided below. The aim of this study is to report on an internal investigation into phishing targeting healthcare staff at one institution representing a UK National Health Service (NHS) hospital and review the medical peer-reviewed literature regarding phishing affecting healthcare organisations.Ī detailed local cybersecurity audit was performed by our organisation using a commissioned party along with standard penetration testing approaches as part of routine cybersecurity policy activity. Variants include spear phishing, in which communications are directed at specific individuals, or types of individuals or companies clone phishing, in which a legitimate email has content changed to create a cloned email containing malicious content and whaling, in which communications are targeted specifically at senior high-profile targets, often supposedly originating from ‘C-suite’ or legal departments. Phishing refers to this general approach, in which large numbers of untargeted communications are sent to a wide range of recipients in the hope that a minority will become victims. Since phishing typically requires the recipient to perform an action, it relies on social engineering techniques, with many contacts therefore appearing to be from trusted sites such as financial institutions, or in the case of healthcare data, IT administrators or healthcare staff. 1 2 Phishing is a method of attempting to gain potentially valuable details, such as usernames, passwords or medical data, for malicious reasons, using targeted communications such as email or messaging in which the attacking party encourages recipients to click links to websites running malicious code or to download or install malware. Healthcare data has significant value and is a potential target for hackers.
0 Comments
Leave a Reply. |