But what if the email to your work address appears to come from a friend or coworker, and addresses you not by your name but by a nickname only known to those close to you? What if it also mentions your spouse or one of your children by name, and references a recent event in your life, such as a vacation or a new car purchase? The sender’s email address might look different (if it is even noticed at all), but with all these other authentic details, that variable could be attributed to a change in email providers. At this point, an invitation to click on a link to a photo may be accepted – once that happens, the hacker has won – he now has access to your company’s systems.
How did this information get out there in the first place? Usually, because we hand it over willingly. How gladly we’ll complete online requests for a product or service by filling in boxes on websites asking for our email address, our cell phone number, or other personal details that we might hesitate to reveal if someone inquired about them in person. That content is then collected, shared, or sold to anyone who asks for it. Just a few pieces of data can transform a phishing email from one that is highly likely to be deemed suspicious, to one that is very hard to detect.
Ad Statistics
Times Displayed: 23122
Times Visited: 497 Stay up to date with the latest training to fix, troubleshoot, and maintain your critical care devices. GE HealthCare offers multiple training formats to empower teams and expand knowledge, saving you time and money
We know these scams are working because of how many victims have been hit. Last year more than 45 healthcare entities suffered ransomware attacks, causing more than 140 hospitals to experience disruption due to the lack of access to IT systems and patient data. According to the Verizon Cost of a Data Breach Report, the average cost of a healthcare data breach reached $11 million in 2023, an increase of more than 50% in just three years. In 2022, the average ransom payment was $5,000; just one year later, it was approximately $1.5 million. And so far, 2024 is looking to be significantly worse.
How to protect yourself
Since all forms of AI feed on information, one of the most effective solutions is to interrupt this vector of attack by cutting off the pipeline of personal information about your employees online. When hackers have less information to exploit, they will likely look elsewhere for their next target.
Providing employees with a corporate account that monitors and eliminates the types of personal information that fuels attacks can cost just a few dollars per employee per year. These services not only lower the volume of available content, they can replace authentic information (home address, cell phone number) with alternatives that cannot be traced back to their user.
