New Study Reveals Healthcare Industry Subject to Cybercrime—KnowBe4’s Security Training Prevents Attacks

SOURCE: KnowBed4

Clearwater, FL)  November 5, 2012 – According to the Verizon 2012 and 2011 Data Breach Investigations Reports (DBIR), businesses can get a glimpse of how cybercrime is affecting their industry.  Stu Sjouwerman, CEO and founder of KnowBe4 (www.knowbe4.com), a security awareness training firm, responds to the healthcare industry findings, and encourages companies to take precautions by implementing employee training designed to prevent cybercrime.

Verizon’s fifth DBIR report was based on 855 data breaches consisting of over 174 million compromised records.  Within the healthcare industry, results revealed (1):

●   Out of businesses with up to 100 employees, outpatient care facilities faced the most attacks;

●   Most attacks were financially motivated—focused on point-of-sale (POS) systems to gain personal and payment data; and

●   Attacks generally involved hacking or malware.

KnowBe4’s case study proves that untrained employees can cost a company thousands of dollars.  MedLink, a year-round primary care organization with a central administrative office and clinic sites throughout northeast Georgia, fell victim to a cyberattack in 2010.  Cybercriminals hacked the accounts of this healthcare provider by accessing login and password information to MedLink’s online bank account, resulting in a cyberheist of well over $40,000.

There is a distinctive pattern to how these cybercrimes occur.  A targeted email, which appears to be harmless, is typically sent to the company’s accountant or controller.  The message contains either a virus-laden attachment or a link that, when opened, installs malicious software designed to steal passwords.  Armed with those credentials, cybercriminals then hack into the online banking accounts and initiate a series of wire transfers.

MedLink doesn’t appear to be the only healthcare provider to have experienced the damaging effects of a cyberattack.  Health Insurance Portability and Accountability Act (HIPPA) discovered other instances of cybercrime in the healthcare industry (3):

●   Federally mandated records indicate that 37 hospitals and doctors’ offices nationwide have been hacked since 2009, resulting in the theft or damage of patients’ medical records; and

●   Nearly 21 million Americans have had their electronic medical records stolen or lost since 2009.

“For most industries, healthcare included, their greatest susceptibility is well-meaning employees who just haven’t been trained to recognize and avoid phony emails,” commented Sjouwerman.  “It’s critical for employees who have access to patient records to realize that cybercriminals are targeting that exact information.”

Healthcare organizations that are ready to implement training can take advantage of KnowBe4’s latest efforts through a partnership with security consultant Kevin Mitnick (“The World’s Most Wanted Hacker”), wherein they developed Kevin Mitnick Security Training (http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/).  The training is interactive and web-based, and includes case studies, live demonstration videos and short tests.

KnowBe4 uses knowledge of the latest cybercrime tactics in real-time to train its clients’ employees, ranging from defense contractors to hospitals and insurance corporations.

KnowBe4 offers cybercrime prevention resources to help organizations determine their susceptibility to cyberattacks, including a free phishing security test (http://www.knowbe4.com/phishing-security-test/) and a free email exposure check (EEC) (http://www.knowbe4.com/email-exposure-check/), which reveals publicly available company email addresses that cybercriminals can use to target staff, and Cyberheist, the latest book written by cybercrime expert Sjouwerman.  Cyberheist provides the data that allows for setting new security policies, and making sure that such policies are applied in a secure manner while not causing the organization’s productivity to suffer, and which policies inform employees about cybercrime prevention and keep businesses thriving.

For more information on how KnowBe4 can protect the healthcare industry against cybercrime, visit http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/.

To view Sjouwerman’s interview on CBS regarding cybercrime, visit http://www.youtube.com/watch?v=dultIFSgQS0.

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (http://www.knowbe4.com/about-us/) is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium-sized enterprises.  A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010.  Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awarenesstraining (http://www.knowbe4.com/resources/isat-trailer/).  He and his colleagues work with companies in many different industries, including highly-regulated fields such as healthcare, finance and insurance.  Sjouwerman is the author of four books, with his latest being Cyberheist:  The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.  Visit www.knowbe4.com or www.knowbe4.com/cyberheist-the-book/.