NCHICA Academy

Over the past few years, there has been a marked increase in the number of breaches or incidents arising from email. Email continues to be critical to the operations of healthcare organizations whether that is communications between staff, communications to employees, or communications with vendors. An incident can stem from a business email compromise (BEC) campaign, a phish, or a malicious attachment. If one of these attacks is successful, it can have a significant impact to the organization and could potentially impact business operations. 

Unfortunately, these types of incidents are increasing. According to the Department of Health and Human Services, the number of breaches affecting healthcare entities and involving email has risen each of the last four years.

The presenter will examine two types of attacks and the people, processes, and technologies that can reduce harm and inform leadership if an incident were to occur. He will draw from actual attacks at his institution, literature, and the controls that he evaluated. As an example, he will describe the Emotet botnet and how it can trick trained and savvy users into reading an attachment and potentially leading to ransomware. Another attack that he will cover is display name spoofing and its role in business email compromise. Lastly, he will discuss a handful of countermeasures that can have an out-sized impact on reducing both the likelihood and impact of a successful attack.