Trustwave Rapid Response: CrowdStrike Falcon Outage Update. Learn More

Trustwave Rapid Response: CrowdStrike Falcon Outage Update. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Why Removing Phishing Emails from Inboxes is Crucial for Healthcare Security

The adage "data is the new oil" doesn't resonate with everyone. Personally, having grown up around cars thanks to my dad, a master mechanic, I see oil as messy and cumbersome. Data, in my view, is more akin to bacon—universally enjoyed and valuable in various forms; everyone wants it and will go to great lengths to have an extra helping, maybe even pushing a sibling's arm out of the way to get the last piece.

The good news is that we know the primary method of gaining initial access to steal healthcare data, which simplifies our ability to set up a good defense. What is the method? Simply replace the action of reaching across the table to stab the last piece of bacon with phishing emails (and yes, I realize I can't stretch my bacon-data analogy much further).

 

Successfully Stealing Healthcare Data

Let's examine some numbers to see why email security should be considered a top priority. Healthcare data has consistently been the top target for cyber threat actors over the past seven years. In 2023 alone, the Health and Human Services (HHS) reported 280 breaches, impacting 24.8 million individuals. Additionally, HHS is currently investigating 451 other incidents, potentially affecting another 120.1 million people.

The HHS "Wall of Shame," established in 2009 to list breaches impacting 500 or more individuals, highlights the severity of these breaches. The six most significant breaches have compromised the data of 127.1 million individuals, surpassing the population of the top five US states combined from the 2023 census. The Anthem breach, now known as Elevance Health, in 2015 was the largest single affecting 78.8 million individuals, double California's population. If the HHS breaches from 2023 formed a state, it would rank as the third most populous.

The US Senate Oversight and Investigations Subcommittee summoned UnitedHealth CEO Andrew Witty to explain the events leading up to and during the recent Change Healthcare cyberattack. During the session, Witty revealed that a "substantial portion" of Americans were affected by the Change Healthcare breach in February 2024, potentially impacting a third of the US population, approximately 110 million people. This incident is the largest breach in the history of the HHS.

 

Defending Against Phishing

Trustwave's report, Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape, identifies phishing as the primary method threat actors use to infiltrate organizations. To counter this, organizations conduct phishing exercises to train employees, ensuring they can recognize and avoid real phishing attempts. Employees who fail these exercises must undergo additional training and face subsequent phishing tests.

When employees report phishing emails, the organization must respond effectively. Rather than merely creating email rules to move or delete reported messages, it's essential to refine our controls. This action includes enhancing email filters, removing phishing emails from mailboxes, and preventing future occurrences.

At a recent conference attended by a number of security professionals, I conducted an experiment to illustrate the efficacy of proactive measures against phishing attacks. During the event's setup, I mentioned our marketing team placed a $250 Amazon gift card under one of the chairs. All the attendees had to do was stand up and check beneath their seat to see if they had won.

Using a tactic similar to those in phishing emails, I crafted my request to seem urgent and enticing. As expected, everyone fell for my ploy—some even checked the empty chairs. I guess I must have appeared quite trustworthy, even though most attendees had met me only five minutes earlier.

The experiment explains why removing phishing emails from all mailboxes is more effective than just deleting them from individual inboxes. If half the audience knew about the fake gift card beforehand, my attempt to convince the others wouldn't work. This outcome parallels the effectiveness of removing multiple instances of the same phishing attempt from all mailboxes within the organization.

Trustwave's MailMarshal offers robust solutions for these challenges. It allows organizations to create new rules based on reported phishing emails to block similar threats. The upcoming version of MailMarshal will enable the removal of phishing emails from all mailboxes within the organization, ensuring comprehensive protection against these attacks.

We can better protect sensitive data and maintain trust in our systems by staying vigilant and proactive in our cybersecurity measures, especially in the healthcare sector.

Trustwave MailMarshal

 

Latest Trustwave Blogs

De-Risk Technology Transitions and Save Money with Trustwave

With all the issues happening in cybersecurity technology lately, such as CrowdStrike’s software update that caused massive outages worldwide last week, it behooves all organizations to take a...

Read More

How Cybercriminals Use Breaking News for Phishing Attacks

Trustwave SpiderLabs issued a warning that threat actors may attempt to take advantage of CrowdStrike’s software update that caused widespread outages by using the news as the center of a social...

Read More

Trustwave Response: CrowdStrike Falcon Outage Update

Trustwave is proactively assessing and monitoring our clients who may have been impacted by CrowdStrike’s recently rolled-out update for its Windows users. The critical issue identified with...

Read More