It has been reported that Community Memorial Health System (CMHS) in Ventura, California, has suffered a data breach affecting more than 900 patients after an employee’s email account was compromised in a phishing attack.
The attack happened on June 22, but the employee didn’t notice any anomalies until the next day. The IT department was subsequently informed and an investigation was launched. It wasn’t until July 7 that the investigation revealed that the email account contained personal information. A forensic consultant hired to investigate further concluded that it was unlikely that the personal information was accessed.
The affected data included names, medical record numbers, partial health information, and “a handful of Social Security numbers.” Financial information was not included.
CMHS has informed those affected and is said to be providing credit monitoring services for 24 months as a precaution. It is also planning to “provide its employees with further training to reduce the likelihood of further successful phishing attacks occurring.”
The most important line of defense against a phishing attack is the person who receives the email. If your staff are able to identify and correctly respond to a malicious email, the danger can be mitigated. With phishing attacks on the increase, particularly in the healthcare sector, this example highlights the importance of training staff.
Protect your organization and educate your staff
No matter how effective your spam filter is, a spoofed email could still bypass it, making your staff the last line of defense against fraud. It is therefore vital that they are aware of the risks of phishing emails. E-learning courses are an efficient, cost-effective method of training with minimal disruption.
Our Phishing Staff Awareness Course introduces your staff to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.