As hackers become more sophisticated, it is important to keep up to date with new threats. There are two new threats that are concerning in that they are difficult to recognize and detect. One of these threats is a very convincing phishing scam, while the other is a malicious encryption scheme that evades ransomware detection software. Although these are not necessarily healthcare cybersecurity threats, they target businesses across all sectors, so healthcare organizations must be vigilant.

Phishing Scam Posing as Large Retailers

There is a new phishing scam that has been reported that is particularly difficult to recognize. It differs from normal phishing schemes in that it does not direct recipients to click on a malicious link or download a malware-infested document. Instead, the email poses as large retailers, such as Amazon and PayPal, notifying recipients of a large purchase made on their account. The email then prompts recipients to call if they didn’t make the purchase, providing a contact number that is in fact the scammer’s phone number, not that of a company representative.

Recipients who place the call will be connected to a scammer who will try to obtain as much personal information as possible. This information may include account names, passwords and bank details. In some cases, the scammer will trick recipients into transferring money to a fake account or attempt to install malware on their computers.

This scam can target both businesses and individuals, and is so concerning because many people use the same login credentials across multiple platforms. As such, login credentials stolen in a phishing scam can be used to access a healthcare employee’s system, thus risking the security of the entire organization. When receiving an email about a large purchase, unconfirmed login, or other alert, it is best to look up the company’s contact information on your own, rather than trust the information provided in the email.

LockFile Ransomware Avoids Detection

LockFile is a new ransomware threat that uses intermittent encryption to avoid detection by ransomware protections. This threat specifically affects Windows users, as it exploits known flaws to gain access to Windows servers. Once deployed, the malware encrypts only every other 16 bytes of a file, allowing it to avoid detection.
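
For defenders, the alternating 16-byte pattern is itself a signal. The following is an added example, not code from this article or from any vendor: it compares the randomness of even-numbered and odd-numbered 16-byte blocks and flags a buffer when one set is far more random than the other. The sample data is constructed in memory, and the threshold values and the assumption that blocks are aligned to the start of the file are illustrative.

```python
import hashlib
import math

BLOCK = 16  # from the article: every other 16 bytes is encrypted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def split_alternating(data: bytes, block: int = BLOCK):
    """Concatenate even-numbered and odd-numbered blocks separately."""
    even, odd = bytearray(), bytearray()
    for i in range(0, len(data), block):
        (even if (i // block) % 2 == 0 else odd).extend(data[i:i + block])
    return bytes(even), bytes(odd)

def looks_intermittent(data: bytes, gap: float = 1.5, min_len: int = 4096) -> bool:
    """True when one set of alternating blocks is far more random than the other.
    gap and min_len are illustrative values, not tuned thresholds."""
    if len(data) < min_len:
        return False
    even, odd = split_alternating(data)
    return abs(shannon_entropy(even) - shannon_entropy(odd)) >= gap

def make_samples():
    """Constructed in-memory samples: plain text, partially overwritten, fully random."""
    plain = b"Patient intake form, constructed sample text for testing only.\n" * 200
    noise = bytearray()
    ctr = 0
    while len(noise) < len(plain):  # deterministic stand-in for ciphertext
        noise += hashlib.sha256(b"constructed" + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    noise = bytes(noise[:len(plain)])
    partial = bytearray(plain)
    for i in range(0, len(plain), 2 * BLOCK):
        partial[i:i + BLOCK] = noise[i:i + BLOCK]
    return plain, bytes(partial), noise

if __name__ == "__main__":
    for name, buf in zip(("plain", "partial", "full"), make_samples()):
        print(f"{name:8s} entropy={shannon_entropy(buf):.2f} "
              f"alternating={looks_intermittent(buf)}")
```

On the constructed samples, the partially overwritten buffer keeps a whole-file entropy well below the fully random one, yet the alternating-block comparison still flags it.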

Mark Loman, Sophos director of engineering, said in a statement, “Partial encryption is generally used by ransomware operators to speed up the encryption process and we’ve seen it implemented b