Security News

New Data Security Prevents Healthcare Information Phishing

Continued phishing attacks on healthcare organizations indicate a growing need for better data security techniques.

By Elizabeth O'Dowd

Phishing attacks continue to be a significant threat to healthcare data security, and health IT vendors are working on new prevention techniques to combat them.

Healthcare data phishing

Menlo Security is the latest vendor to produce new security architecture to defend against phishing malware. Menlo Security Isolation Platform (MSIP) analyzes existing email gateways, relieving IT departments of having to continuously monitoring security systems for false positives.

Phishing takes advantage of users by disguising malware behind a trusted and recognized source. The use of false or impersonated organizations trick users into giving away sensitive data. In the consumer world, hackers send messages to users posing as a bank or other familiar institution, asking for personal or credit card details to steal the user’s money or identity.

HealthITSecurity.com reported that healthcare phishing scams are “usually attempts at gaining sensitive patient information from employees, or company information that can then be used to gather patient data,” and that phishing attacks have become more advanced in recent years.

Hackers design false websites, nearly identical to the trusted sites users are familiar with to gain information. Hackers also use multiple phishing attempts, gathering smaller amounts of information from one employee in order to trick another employee into giving up sensitive information.

The US Computer Emergency Readiness Team (CERT) warns that phishing attacks “seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity.”

CERT recommends users contact the company sending the request using contact information found on previous statements that can be verified with known, official resources, and educating employees on how to recognize a phishing attack.

While employee education and awareness are necessary steps in protecting patient data, solutions such as MSIP protect users from receiving phishing malware.

"Enterprises are being compromised by phishing attacks at an alarming rate and need a better way to stop these exploits," said Jeff Wilson, Senior Research Director for Cybersecurity Technology at market research firm IHS. "The Menlo Security approach using Isolation takes phishing attack prevention to a new level and will be interesting for businesses who realize that the status quo in email security is not working."

Menlo Security’s isolation technique is deployed between a user’s device and the internet. The user’s web requests are proxied by MSIP, which accesses the internet on the user’s behalf to execute the browsing session. Only safe information is delivered to the endpoint and all suspicious data and detected malware are filtered out.

MSIP isolates all email links and attachments and stops credential theft with user input restrictions and customizable training reinforcement. MSIP simplifies security infrastructure because it does not require endpoint software on devices and integrates with existing mail servers.

“Adding phishing isolation capabilities to the MSIP creates the only phishing prevention solution that completely eliminates targeted spear-phishing attacks and drive-by exploits by isolating all email links, and attachments,” said Menlo Security Co-Founder and Chief Product Officer Poornima DeBolle. “By stopping this top infection vector, Menlo enables CISOs to report definitive progress against malware attacks to their boards of directors, while also freeing up precious cyber security incident-response resources within their teams."

A cybersecurity survey conducted last year by Healthcare Information and Management Systems Society (HIMSS) indicated that phishing attacks were the key motivation for healthcare organizations to adopt better data security solutions.

Healthcare organizations cannot afford to ignore the growing threat of phishing attacks and should look into data security solutions that simplify the monitoring process for IT departments as well as continue to educate users on identifying and handling phishing attacks they come across.

Dig Deeper: