MDaemon Technologies Blog

A brief glance through my spam folder in MDaemon Webmail recently reminded me of the need for on-going education on the topic of phishing and Business Email Compromise (BEC) scams. I’d like to be able to tell you that the recent crush of cyberattacks on the healthcare sector, as exacerbated by the COVID-19 pandemic, has run its course – but then I’d be the one scamming. Looking through the latest Health IT Security monthly news archive turns up a long litany of phishing, ransomware, malware, spoofing, password theft and other data leaks, and server vulnerabilities that affect millions of patients and financial donors – and it’s not even the end of the month.

It's just a fact of life: If there's email, there will always be spam. If you’re involved with email security for a healthcare organization, 2020 is absolutely the year you can’t afford not to take this seriously. The healthcare sector has become a major target for cyberattacks during the COVID-19 pandemic, and these attacks are successful so often that Becker’s Hospital Review publishes a monthly update on healthcare provider malware, ransomware and phishing incidents. The most recent list includes:

Whether you run a multi-campus medical center or a small private practice, you’ve likely heard about cyber criminals who try to trick you and your employees into clicking a link or downloading an attachment so they can steal your organization’s money or protected data.

The COVID-19 pandemic has accelerated the adoption of cloud services across all industries, but particularly for healthcare providers. If your healthcare organization is considering moving your email from on-premise servers to the cloud, you must do your due diligence around significant security drawbacks that may overshadow the perceived benefits.

The COVID-19 pandemic has been a boon for bad actors across the digital landscape. In July, for instance, authorities in the U.S., U.K. and Canada all issued warnings about serious cyberattacks against healthcare organizations and others involved in the coronavirus response. The purpose of these attacks? Theft of intellectual property during the race to develop a vaccine. The tool of choice? Spear-phishing email attacks.

Email is the preferred communication method for businesses around the world. It’s also the preferred attack vector for cybercriminals due to its ease of use and low cost, and since the beginning days of email, spam techniques have continued to evolve into a variety of sophisticated threats.

Office 365 is one of the world’s most commonly used software packages -- it’s in use by more than 1 million companies worldwide. The software suite announced more than 200 million individual users back in October 2019 and is adding about 3 million users each month.

Staying informed of the latest data privacy regulations as they apply to healthcare can be challenging. Not only are there a plethora of different security and retention requirements, but the risk of failure is higher than in any other sector:

The COVID-19 crisis has changed the way we approach data privacy and email security as the transition to working from home has been accompanied by a growing surge of Coronavirus themed phishing scams and spoofed websites used to distribute malware or lure victims into providing confidential information.

This week, we learned of a new phishing campaign targeting PayPal users in an attempt to extract as much personal data as possible.