Beware! Phishing emails are a real risk
One innocent click could jeopardize CCHC
Across the nation, ransomware activity continues to be a persistent danger throughout the healthcare industry - and Cape Cod Healthcare is not immune. Our Information Technology Services department is leading the charge to protect our data, but we all play a part in keeping CCHC safe.
This situation requires increased awareness and vigilance in how we use email, click links in emails and open email attachments. One innocent click from a malicious email could jeopardize the entire organization.
The current threat involves malware and ransomware, where CCHC computer systems and data could be stolen and/or locked from access and use. The attacks often originate from emails from untrusted external sources that contain links or attachments which, when clicked or opened, can expose our organization to the malware and ransomware.
Keep an eye out for suspicious emails. If you have any suspicion at all about the source or content of an email, report it immediately to Information Security at infosec@capecodhealth.org or the ITS Help Desk.
The criminals behind recent attacks continuously change their tactics, but the latest guidance identifies phishing emails as the primary source of infection.
The most recent hospital attacks used emails with Human Resources-related subject lines enticing recipients with notifications of “bonus,” “promotions,” “forms to fill” or using threatening language like “dismission” and “pay slip.” The malicious emails contained links to file sharing websites like Google Docs where the user was asked to download files.
Be part of our guard against these attacks by doing the following:
- Check for unknown sources: Emails from unknown sources always require a second look. At CCHC, look for the EXTERNAL Warning: label. If you do not recognize the sender, please notify firstname.lastname@example.org or the ITS Help Desk
- Ignore password requests: Be very careful of emails that direct you to enter passwords or try to pressure you to act with urgency
- Don’t install: Do not install software from unknown sources
- Limit browsing: Be careful to search business-related websites only
- Be overly cautious: When you have the slightest doubt about the legitimacy of an email, please notify information security at email@example.com - we will review and provide guidance
Detailed information about this ransomware and these phishing attacks can be found in this joint advisory: https://us-cert.cisa.gov/ncas/alerts/aa20-302a